
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1545403
MD5: 5fd37092e188aa12ba7584cd40d25d4c
SHA1: 660799b77e5563824bc359ad4c8f1209b812b3d1
SHA256: d2d3a8dee5e52ade5d60b6710e377dbb7b8b6c6e594f39deb26f76af4c116dcd
Tags: exe, user-Bitsight

Detection

Credential Flusher
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • file.exe (PID: 6492 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 5FD37092E188AA12BA7584CD40D25D4C)
    • taskkill.exe (PID: 4092 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6528 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3540 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6696 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 5896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3964 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 4092 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 2020 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6380 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7260 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd956a1-f7c7-40ea-b0b0-151e89722d44} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b4116f710 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7980 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -parentBuildID 20230927232528 -prefsHandle 3844 -prefMapHandle 3840 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15267f41-787e-4fd2-b2ec-a17f3364382c} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b5132c710 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 1660 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36bb9eb2-49bf-4de6-88b9-2a1086be9ba2} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b5923d710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Yara matches
Source: Process Memory Space: file.exe PID: 6492
Rule: JoeSecurity_CredentialFlusher
Description: Yara detected Credential Flusher
Author: Joe Security

No Sigma rule has matched
No Suricata rule has matched


    AV Detection

Source: file.exe; ReversingLabs: Detection: 47%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 99.4% probability
Source: file.exe; Joe Sandbox ML: detected
Source: file.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntdll.pdb source: firefox.exe, 00000015.00000003.1530652059.0000021B52496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518836690.0000021B52494000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dxgi.pdb source: firefox.exe, 00000015.00000003.1515909502.0000021B54344000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8npmproxy.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8linkinfo.pdb source: firefox.exe, 00000015.00000003.1558280481.0000021B51445000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539006578.0000021B51445000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558532886.0000021B512F8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: crypt32.pdb source: firefox.exe, 00000015.00000003.1530652059.0000021B52496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518836690.0000021B52494000.00000004.00000800.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A8DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,6_2_00A8DBBE
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A5C2A2 FindFirstFileExW,6_2_00A5C2A2
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A968EE FindFirstFileW,FindClose,6_2_00A968EE
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A9698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,6_2_00A9698F
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A8D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00A8D076
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A8D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00A8D3A9
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A99642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00A99642
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A9979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00A9979D
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A99B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,6_2_00A99B2B
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A95C97 FindFirstFileW,FindNextFileW,FindClose,6_2_00A95C97
    Source: firefox.exe Memory has grown: Private usage: 41MB later: 224MB
    Source: unknown Network traffic detected: DNS query count 31
    Source: Joe Sandbox View IP Address: 34.149.100.209
    Source: Joe Sandbox View IP Address: 34.117.188.166
    Source: Joe Sandbox View IP Address: 151.101.193.91
    Source: Joe Sandbox View JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown TCP traffic detected without corresponding DNS query: 142.250.113.113
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A9CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,6_2_00A9CE44
    Source: global traffic HTTP traffic detected:
        GET /canonical.html HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: keep-alive
    Source: global traffic HTTP traffic detected:
        GET /success.txt?ipv4 HTTP/1.1
        Host: detectportal.firefox.com
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
        Accept: */*
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
    Source: firefox.exe, 00000015.00000003.1383746328.0000021B59728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1382746493.0000021B597A8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000015.00000003.1438996538.0000021B5D451000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000003.1540773575.0000021B4DF7C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000015.00000003.1513003397.0000021B59AD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1386111529.0000021B5243A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1519591037.0000021B52436000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000003.1518961313.0000021B52479000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1537697076.0000021B51BCA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1536054429.0000021B52479000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000015.00000003.1548320916.0000021B5D56C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000003.1383746328.0000021B59728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000015.00000003.1383746328.0000021B59728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000003.1513003397.0000021B59AD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1386111529.0000021B5243A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1519591037.0000021B52436000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000003.1532409863.0000021B59247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83A0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D30C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000015.00000003.1532409863.0000021B59247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83A0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D30C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000015.00000003.1532409863.0000021B59247000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83A0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D30C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000003.1438996538.0000021B5D451000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: moz-extension://2a8a4ba3-32a0-495a-bbc2-63871e7b7005/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000003.1518961313.0000021B52479000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000015.00000003.1548320916.0000021B5D56C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1530652059.0000021B52496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518836690.0000021B52494000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000015.00000003.1537697076.0000021B51BBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1537697076.0000021B51BD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1514160122.0000021B595F2000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic DNS traffic detected: DNS query: youtube.com
    Source: global traffic DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic DNS traffic detected: DNS query: example.org
    Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic DNS traffic detected: DNS query: twitter.com
    Source: global traffic DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 00000015.00000003.1558673322.0000021B50C87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 00000015.00000003.1531040704.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1375920286.0000021B5207B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550181155.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 00000015.00000003.1531040704.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1375920286.0000021B5207B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550181155.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 00000015.00000003.1531040704.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1375920286.0000021B5207B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550181155.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 00000015.00000003.1531040704.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1375920286.0000021B5207B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550181155.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 00000015.00000003.1544515318.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1546607472.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545408279.0000021B5AB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 00000015.00000003.1544515318.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1546607472.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545408279.0000021B5AB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 00000015.00000003.1544515318.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1546607472.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545408279.0000021B5AB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 00000015.00000003.1544515318.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1546607472.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545408279.0000021B5AB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampin
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 00000015.00000003.1514225567.0000021B594C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 00000015.00000003.1489622784.0000021B5947D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 00000015.00000003.1556981832.0000021B51A77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558836562.0000021B4EE5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1517889662.0000021B52E93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 00000015.00000003.1489622784.0000021B5947D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1498048637.0000021B535CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558836562.0000021B4EE5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527377863.0000021B536C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 00000015.00000003.1540773575.0000021B4DF69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1536589085.0000021B52449000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1497378069.0000021B536A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1498048637.0000021B535CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1528201878.0000021B5355E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 00000015.00000003.1525327180.0000021B54B62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490827239.0000021B54B62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com0
    Source: firefox.exe, 00000015.00000003.1461546416.0000021B5234B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
    Source: firefox.exe, 00000015.00000003.1559057327.0000021B4EE2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 00000015.00000003.1516407191.0000021B5430A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1499301063.0000021B533DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1456250960.0000021B54C44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1554046921.0000021B52DEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458269146.0000021B54CE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1478383532.0000021B52881000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1478182764.0000021B52A9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1452669679.0000021B511F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1389613842.0000021B52732000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1517058060.0000021B533DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1406127904.0000021B52A8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525228533.0000021B54BB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1450687906.0000021B5287D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1538606149.0000021B514EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1410557656.0000021B5287D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1452669679.0000021B511D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1404093488.0000021B52AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1406127904.0000021B52A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1463898068.0000021B52538000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000015.00000003.1540589878.0000021B4E523000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1411337016.0000021B52A8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 00000015.00000003.1544515318.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1546607472.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545408279.0000021B5AB16000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.21.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 00000015.00000003.1544515318.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1546607472.0000021B5AB18000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545408279.0000021B5AB16000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
    Source: firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
    Source: firefox.exe, 00000015.00000003.1490294790.0000021B54D62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490294790.0000021B54D62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
    Source: firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
    Source: gmpopenh264.dll.tmp.21.drString found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 00000015.00000003.1552648666.0000021B54667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 00000015.00000003.1531040704.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1375920286.0000021B5207B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550181155.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 00000015.00000003.1558836562.0000021B4EE5B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1386145108.0000021B522ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 00000015.00000003.1529051629.0000021B53342000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1517528538.0000021B53342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul.
    Source: firefox.exe, 00000015.00000003.1539719086.0000021B51228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
    Source: mozilla-temp-41.21.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490294790.0000021B54D62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490294790.0000021B54D62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://youtube.com/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 00000015.00000003.1558836562.0000021B4EE4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1326434610.0000021B50C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 00000015.00000003.1495640468.0000021B54340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 00000015.00000003.1493787060.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511640110.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 00000015.00000003.1490134676.0000021B54D8B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1406510713.0000021B528BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1476060176.0000021B528CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1401018011.0000021B52AF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1408940937.0000021B528A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1412670431.0000021B52AFD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000015.00000003.1540773575.0000021B4DF50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559149665.0000021B4E5E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 00000015.00000003.1487715466.0000021B59BAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 00000015.00000003.1545838347.0000021B53AC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1497022497.0000021B53AC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53AC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 00000015.00000003.1537697076.0000021B51BBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1537697076.0000021B51BD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518961313.0000021B52468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1536360804.0000021B52468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1537697076.0000021B51B52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1382746493.0000021B597A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 00000015.00000003.1531040704.0000021B59758000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 00000015.00000003.1383746328.0000021B59728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://app.adjust.com/a8bxj8j?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 00000015.00000003.1489810693.0000021B54DE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1514225567.0000021B594CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550649247.0000021B594E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1523095027.0000021B594CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 00000015.00000003.1523095027.0000021B594CC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 00000015.00000003.1493787060.0000021B59FD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1489295893.0000021B59488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511640110.0000021B59FDA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1524285653.0000021B59490000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1514381628.0000021B59490000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000017.00000002.2537553448.000001B724DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2540788041.0000021E1D503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.21.dr | String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
    Source: firefox.exe, 00000017.00000002.2537553448.000001B724DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2540788041.0000021E1D503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.21.dr | String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
    Source: firefox.exe, 00000015.00000003.1516532692.0000021B53AB5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 00000015.00000003.1407801495.0000021B51C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1437305822.0000021B52AE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 00000015.00000003.1407801495.0000021B51C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1437305822.0000021B52AE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 00000015.00000003.1407801495.0000021B51C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1437305822.0000021B52AE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 00000015.00000003.1515263688.0000021B543FA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 00000015.00000003.1515263688.0000021B543FA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 00000015.00000003.1515263688.0000021B543FA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 00000015.00000003.1515263688.0000021B543FA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 00000015.00000003.1407801495.0000021B51C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1437305822.0000021B52AE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 00000015.00000003.1389613842.0000021B52732000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1437305822.0000021B52AE2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 00000015.00000003.1385015673.0000021B594AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1327899043.0000021B4F87F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1327130604.0000021B4F840000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1326434610.0000021B50C00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 00000015.00000003.1489295893.0000021B594FA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000017.00000002.2537553448.000001B724DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2540788041.0000021E1D503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.21.dr | String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
    Source: firefox.exe, 00000017.00000002.2537553448.000001B724DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2540788041.0000021E1D503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.21.dr | String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000015.00000003.1489810693.0000021B54DE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 00000015.00000003.1551763763.0000021B5940E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 00000015.00000003.1514381628.0000021B594B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1371050385.0000021B54C5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 00000015.00000003.1493505910.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1486861447.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1548909698.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 00000015.00000003.1463898068.0000021B52531000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1371050385.0000021B54C5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1326434610.0000021B50C00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559441777.0000021B4E59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
    Source: firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
    Source: firefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559441777.0000021B4E59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 00000019.00000002.2537089646.0000013D83A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D313000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 00000015.00000003.1376396861.0000021B59982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1378257705.0000021B59973000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 00000015.00000003.1376396861.0000021B59982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1379313575.0000021B59984000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1378257705.0000021B59973000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000015.00000003.1377937560.0000021B59994000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 00000015.00000003.1486861447.0000021B5CEEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59F63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1493943679.0000021B59F63000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 00000015.00000003.1486861447.0000021B5CE72000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 00000015.00000003.1498048637.0000021B535CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549027929.0000021B5CE5A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 00000015.00000003.1540773575.0000021B4DF50000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://fpn.firefox.com
    Source: firefox.exe, 00000015.00000003.1487715466.0000021B59BAE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://fpn.firefox.com/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000019.00000002.2537089646.0000013D83A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D313000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D3C3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000015.00000003.1530081986.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518223736.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D3C3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1515909502.0000021B54332000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83A2F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D330000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 00000015.00000003.1530081986.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518223736.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D3C3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 00000015.00000003.1489810693.0000021B54DE0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 00000015.00000003.1530081986.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518223736.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D3C3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1371050385.0000021B54C5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/google/closure-compiler/issues/3177
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C44000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C44000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/lit/lit/issues/1266
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/microsoft/TypeScript/issues/338).
    Source: firefox.exe, 00000015.00000003.1327639094.0000021B4F860000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1326736401.0000021B4F821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1327130604.0000021B4F840000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1326434610.0000021B50C00000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 00000015.00000003.1493505910.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1486861447.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1548909698.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 00000015.00000003.1515263688.0000021B543FA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/w3c/csswg-drafts/blob/master/css-grid-2/MASONRY-EXPLAINER.md
    Source: firefox.exe, 00000015.00000003.1515263688.0000021B543FA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/w3c/csswg-drafts/issues/4650
    Source: firefox.exe, 00000015.00000003.1525327180.0000021B54B62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490827239.0000021B54B62000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://google.com/
    Source: firefox.exe, 00000015.00000003.1515263688.0000021B543FA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://gpuweb.github.io/gpuweb/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 00000015.00000003.1538721299.0000021B514BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558114162.0000021B514C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 00000015.00000003.1498608806.0000021B53581000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1553118480.0000021B53583000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1528201878.0000021B5357B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/apps/relay
    Source: firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.21.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
    Source: firefox.exe, 00000015.00000003.1559057327.0000021B4EE2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1498048637.0000021B535CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
    Source: firefox.exe, 00000019.00000002.2537089646.0000013D83ABC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D3F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
    Source: firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59F6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/events/1/6e46f513-082c-4397-b7d1-020fe
    Source: firefox.exe, 00000015.00000003.1530264857.0000021B524B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/messaging-system/1/12672553-cb8c-4210-
    Source: firefox.exe, 00000015.00000003.1558836562.0000021B4EE5B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/firefox-desktop/metrics/1/0399c70f-6466-42ff-a0ab-38fb
    Source: firefox.exe, 00000015.00000003.1530264857.0000021B524B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/a3ec6fd8-5274-4e7d
    Source: firefox.exe, 00000015.00000003.1530264857.0000021B524B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit/messaging-system/undesired-events/1/b49d6732-0ae9-4eb1
    Source: firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submits
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
    Source: firefox.exe, 00000015.00000003.1489295893.0000021B594CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1385015673.0000021B594CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550754594.0000021B594D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1514225567.0000021B594CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1523095027.0000021B594CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1376073997.0000021B5206D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://json-schema.org/draft/2019-09/schema
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/libraries/standalone-templates/#rendering-lit-html-templates
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/directives/#stylemap
    Source: firefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lit.dev/docs/templates/expressions/#child-expressions)
    Source: firefox.exe, 00000015.00000003.1540773575.0000021B4DF69000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
    Source: firefox.exe, 00000015.00000003.1557569431.0000021B51A47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
    Source: firefox.exe, 00000015.00000003.1495640468.0000021B54340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
    Source: firefox.exe, 00000015.00000003.1495640468.0000021B54340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
    Source: firefox.exe, 00000015.00000003.1493505910.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1486861447.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1548909698.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lookerstudio.google.com/embed/reporting/
    Source: firefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559441777.0000021B4E59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
    Source: firefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559441777.0000021B4E59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
    Source: firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
    Source: firefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559441777.0000021B4E59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
    Source: firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
    Source: firefox.exe, 00000019.00000002.2537089646.0000013D83A86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D38E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
    Source: firefox.exe, 00000015.00000003.1540773575.0000021B4DF50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
    Source: firefox.exe, 00000015.00000003.1487715466.0000021B59BAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://normandy.cdn.mozilla.net/api/v1
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://oauth.accounts.firefox.com/v1
    Source: firefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559441777.0000021B4E59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/default.aspx?rru=compose&to=%s
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-
    Source: firefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559441777.0000021B4E59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%s4
    Source: firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://poczta.interia.pl/mh/?mailto=%sx
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://prod.ohttp-gateway.prod.webservices.mozgcp.net/ohttp-configs
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profile.accounts.firefox.com/v1
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com
    Source: firefox.exe, 00000015.00000003.1559633587.0000021B4E561000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://profiler.firefox.com/
    Source: firefox.exe, 00000015.00000003.1558673322.0000021B50C87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com
    Source: firefox.exe, 00000015.00000003.1556747698.0000021B52247000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://push.services.mozilla.com/
    Source: firefox.exe, 00000015.00000003.1490827239.0000021B54B62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 00000015.00000003.1558673322.0000021B50C87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com
    Source: firefox.exe, 00000015.00000003.1558673322.0000021B50C87000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 00000015.00000003.1545838347.0000021B53ADF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1496738850.0000021B53ADF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 00000015.00000003.1540773575.0000021B4DF50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
    Source: firefox.exe, 00000015.00000003.1326434610.0000021B50C00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 00000015.00000003.1463898068.0000021B52531000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 00000015.00000003.1558114162.0000021B514DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1538721299.0000021B514DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 00000015.00000003.1487438059.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
    Source: firefox.exe, 00000015.00000003.1376396861.0000021B59982000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1379313575.0000021B59984000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1378257705.0000021B59973000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: firefox.exe, 00000015.00000003.1487438059.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
    Source: firefox.exe, 00000015.00000003.1497242639.0000021B536F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1491262016.0000021B536F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527151781.0000021B536F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516886597.0000021B536F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000015.00000003.1497022497.0000021B53AB5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1528201878.0000021B5355E000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.21.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 00000015.00000003.1557569431.0000021B51A3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B597DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1382009757.0000021B597DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1493787060.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511640110.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
    Source: firefox.exe, 00000015.00000003.1497242639.0000021B536F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1491262016.0000021B536F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527151781.0000021B536F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516886597.0000021B536F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 00000015.00000003.1487438059.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/mobile/get-app/?utm_medium=firefox-desktop&utm_source=onboarding-mod
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000017.00000002.2537553448.000001B724DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D3F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000017.00000002.2537553448.000001B724DCB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/I%
    Source: firefox.exe, 00000015.00000003.1514758886.0000021B54D1E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 00000015.00000003.1557569431.0000021B51A3E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1493787060.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511640110.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
    Source: firefox.exe, 00000015.00000003.1540773575.0000021B4DF50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgY
    Source: firefox.exe, 00000015.00000003.1495640468.0000021B54340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
    Source: firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 00000015.00000003.1489295893.0000021B59488000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1524385031.0000021B59488000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sling.com/
    Source: firefox.exe, 00000015.00000003.1383746328.0000021B59728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83A0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D30C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.zhihu.com/
    Source: firefox.exe, 00000015.00000003.1517406681.0000021B53377000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 00000015.00000003.1534855493.0000021B52E6B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: recovery.jsonlz4.tmp.21.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 0000001B.00000002.2536581163.0000021E1D0D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=ht
    Source: firefox.exe, 00000017.00000002.2540516804.000001B724E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=htG5
    Source: firefox.exe, 0000001B.00000002.2534674371.0000021E1CF7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accoun
    Source: firefox.exe, 00000015.00000003.1517889662.0000021B52E93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1515909502.0000021B54332000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540516804.000001B724E34000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2535062671.000001B724A10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2535062671.000001B724A1A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2534246215.0000013D836F0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2534246215.0000013D836FA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2535857265.0000013D83974000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2534674371.0000021E1CF7A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536581163.0000021E1D0D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2534674371.0000021E1CF70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000013.00000002.1314922586.000001937C56E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.1321001246.000001898F277000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000017.00000002.2540516804.000001B724E34000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2535062671.000001B724A10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2534246215.0000013D836F0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2535857265.0000013D83974000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536581163.0000021E1D0D4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2534674371.0000021E1CF70000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49785
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55469
    Source: unknown | Network traffic detected: HTTP traffic on port 55525 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49766 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49785 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55586
    Source: unknown | Network traffic detected: HTTP traffic on port 49826 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49833 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49739
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49815
    Source: unknown | Network traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49837 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49767 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 55524 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49827 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 55464 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
    Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknown | Network traffic detected: HTTP traffic on port 49739 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49767
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49766
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
    Source: unknown | Network traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49815 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55524
    Source: unknown | Network traffic detected: HTTP traffic on port 49834 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55525
    Source: unknown | Network traffic detected: HTTP traffic on port 49725 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55526
    Source: unknown | Network traffic detected: HTTP traffic on port 55527 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55527
    Source: unknown | Network traffic detected: HTTP traffic on port 49748 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 55523 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55522
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55523
    Source: unknown | Network traffic detected: HTTP traffic on port 49828 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49718
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49837
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49835
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49834
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49833
    Source: unknown | Network traffic detected: HTTP traffic on port 55532 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 55469 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknown | Network traffic detected: HTTP traffic on port 55586 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknown | Network traffic detected: HTTP traffic on port 49835 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 55526 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55532
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55533
    Source: unknown | Network traffic detected: HTTP traffic on port 55522 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 49829 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55464
    Source: unknown | Network traffic detected: HTTP traffic on port 49825 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49829
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49828
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49827
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49826
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49748
    Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49825
    Source: unknown | Network traffic detected: HTTP traffic on port 49792 -> 443
    Source: unknown | Network traffic detected: HTTP traffic on port 55533 -> 443
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49723 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49725 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49732 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49766 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49786 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49792 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:49793 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49825 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.193.91:443 -> 192.168.2.7:49827 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49826 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49834 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49835 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49833 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.7:49837 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 142.250.113.113:443 -> 192.168.2.7:55469 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:55524 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:55523 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:55525 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:55527 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:55526 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:55522 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:55532 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.7:55533 version: TLS 1.2
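    The port lines above are one entry per direction per TCP session, so every connection shows up twice and the list reads as far more activity than it is; the HTTPS lines carry the server IP keyed by the client's ephemeral port, which is the join key. The following is an added example (not part of the Joe Sandbox report) that performs that join over a constructed sample of lines copied from this section, collapsing the port noise into the distinct servers reached, the sessions per server, and any port that never reached a logged TLS handshake. The patterns key only on the fixed "HTTP traffic on port" and "HTTPS traffic detected" fragments, so they work whether or not the "Source:" column was separated from the finding during export.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the report section above (the real section has ~100).
SAMPLE = """\
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown | Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55469
Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.7:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49725 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.7:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.113.113:443 -> 192.168.2.7:55469 version: TLS 1.2
"""

# Both patterns anchor on the fixed finding text only, so the "Source:" prefix format does not matter.
PORT_RE = re.compile(r"HTTP traffic on port (\d+) -> (\d+)")
TLS_RE = re.compile(
    r"HTTPS traffic detected: (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+) version: (TLS [\d.]+)"
)


def summarize(report_text):
    """Collapse per-direction port lines into distinct sessions and join them to the TLS server lines."""
    client_ports = set()
    for a, b in PORT_RE.findall(report_text):
        # Each session is reported twice (client->443 and 443->client); keep the ephemeral side only.
        client_ports.add(int(b) if a == "443" else int(a))

    tls_by_port = {}  # client ephemeral port -> (server ip, tls version)
    for server_ip, _server_port, _client_ip, client_port, version in TLS_RE.findall(report_text):
        tls_by_port[int(client_port)] = (server_ip, version)

    servers = defaultdict(list)  # server ip -> sorted client ports that reached it (one per session)
    for port in sorted(tls_by_port):
        servers[tls_by_port[port][0]].append(port)

    return {
        "client_ports": sorted(client_ports),
        "servers": dict(servers),
        # Ports in the HTTP lines with no matching HTTPS line: the handshake never completed, or the
        # sandbox did not log it. Check the pcap rather than assuming either.
        "unmatched_ports": sorted(p for p in client_ports if p not in tls_by_port),
        "tls_versions": sorted({v for _, v in tls_by_port.values()}),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for ip, ports in summary["servers"].items():
        print(f"{ip:16} {len(ports)} session(s) from client ports {ports}")
    print("unmatched client ports:", summary["unmatched_ports"])
```

    Run on the full section, the same join reduces the 82 port lines to six server addresses; whether any of them deserves a pivot is a separate question, since the string findings above attribute the surrounding activity to the firefox.exe child processes and not to file.exe itself.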
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A9EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard | 6_2_00A9EAFF
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A9ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard | 6_2_00A9ED6A
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A9EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard | 6_2_00A9EAFF
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A8AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput | 6_2_00A8AA57
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00AB9576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW | 6_2_00AB9576

    System Summary

    Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: file.exe, 00000006.00000000.1275028468.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_315141a7-1
    Source: file.exe, 00000006.00000000.1275028468.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_832bd31c-e
    Source: file.exe | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_68cfa1c3-b
    Source: file.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_7921e0cc-c
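    The string the "compiled AutoIt script" signature keys on sits in the AutoIt3 interpreter stub that every compiled script is wrapped in, next to the "runas", "SeAssignPrimaryTokenPrivilege" and "winsta0\default" strings of the interpreter's own RunAs implementation. Its presence says the sample is an AutoIt wrapper; it says nothing about what the embedded script does, and the LogonUserW/CreateProcessAsUserW, clipboard, SendInput and ExitWindowsEx chains listed in this section are the runtime's built-in RunAs, ClipGet/ClipPut, Send and Shutdown functions, present whether or not the script ever calls them. A quick triage check is therefore to confirm where the marker lives before spending time on the stub's imports. The following is an added example (not from the Joe Sandbox report or from AutoIt) that finds the marker in both its ASCII and UTF-16LE spellings and maps each hit to the PE section containing it; the image it runs against by default is a constructed minimal PE-shaped buffer, not a real executable, and a path on the command line scans a real file instead.

```python
import struct
import sys

# The string Joe Sandbox keys on; it lives in the AutoIt3 interpreter stub of every compiled script.
AUTOIT_MARKER = b"This is a third-party compiled AutoIt script."
NEEDLES = (("ascii", AUTOIT_MARKER), ("utf-16le", AUTOIT_MARKER.decode().encode("utf-16-le")))


def pe_sections(data):
    """Parse the PE section table. Returns [(name, raw_offset, raw_size)], or [] if this is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return []
    nsect = struct.unpack_from("<H", data, pe_off + 6)[0]      # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]  # COFF SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # section table follows the optional header
    sections = []
    for i in range(nsect):
        entry = table + 40 * i
        if entry + 40 > len(data):
            break
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_ptr, raw_size))
    return sections


def section_for_offset(sections, offset):
    """Name of the section whose raw data covers a file offset, or None (headers, gaps, overlay)."""
    for name, raw_ptr, raw_size in sections:
        if raw_ptr <= offset < raw_ptr + raw_size:
            return name
    return None


def find_autoit_markers(data):
    """Every occurrence of the marker, ASCII or UTF-16LE, tagged with the PE section it sits in."""
    sections = pe_sections(data)
    hits = []
    for encoding, needle in NEEDLES:
        pos = data.find(needle)
        while pos != -1:
            hits.append({"offset": pos, "encoding": encoding, "section": section_for_offset(sections, pos)})
            pos = data.find(needle, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])


def build_fake_pe():
    """Constructed minimal PE-shaped buffer (not a runnable executable) so the scanner can be tried offline."""
    text_ptr, text_size = 0x100, 0x100
    rdata_ptr, rdata_size = 0x200, 0x200
    buf = bytearray(rdata_ptr + rdata_size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)      # e_lfanew: PE header at 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 6, 2)     # two sections
    struct.pack_into("<H", buf, 0x40 + 20, 0)    # no optional header in this constructed image
    for i, (name, ptr, size) in enumerate(((b".text", text_ptr, text_size), (b".rdata", rdata_ptr, rdata_size))):
        entry = 0x40 + 24 + 40 * i
        buf[entry:entry + 8] = name.ljust(8, b"\0")
        struct.pack_into("<II", buf, entry + 16, size, ptr)
    # Plant the marker in .rdata in both spellings, where the interpreter stub keeps it.
    buf[rdata_ptr + 0x10:rdata_ptr + 0x10 + len(AUTOIT_MARKER)] = AUTOIT_MARKER
    wide = NEEDLES[1][1]
    buf[rdata_ptr + 0x80:rdata_ptr + 0x80 + len(wide)] = wide
    return bytes(buf)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe()
    hits = find_autoit_markers(blob)
    for hit in hits:
        print(f"offset 0x{hit['offset']:08x} {hit['encoding']:9} section {hit['section']}")
    if not hits:
        print("no AutoIt marker found")
```

    A hit inside a data section of the main image is the interpreter's own string, as here; a hit in an overlay or a resource region of a file that is not otherwise an AutoIt stub points at an embedded or appended payload and is the more interesting case. Either way the next step is extracting the embedded script, since that is where the sample's actual behaviour is.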
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 25_2_0000013D84072377 NtQuerySystemInformation | 25_2_0000013D84072377
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 25_2_0000013D84099BF2 NtQuerySystemInformation | 25_2_0000013D84099BF2
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A8D5EB: CreateFileW,DeviceIoControl,CloseHandle | 6_2_00A8D5EB
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A81201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock | 6_2_00A81201
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A8E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState | 6_2_00A8E8F6
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A28060 | 6_2_00A28060
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A92046 | 6_2_00A92046
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A88298 | 6_2_00A88298
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A5E4FF | 6_2_00A5E4FF
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A5676B | 6_2_00A5676B
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00AB4873 | 6_2_00AB4873
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A4CAA0 | 6_2_00A4CAA0
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A2CAF0 | 6_2_00A2CAF0
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A3CC39 | 6_2_00A3CC39
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A56DD9 | 6_2_00A56DD9
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A291C0 | 6_2_00A291C0
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A3B119 | 6_2_00A3B119
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A41394 | 6_2_00A41394
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A41706 | 6_2_00A41706
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A4781B | 6_2_00A4781B
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A419B0 | 6_2_00A419B0
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A27920 | 6_2_00A27920
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A3997D | 6_2_00A3997D
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A47A4A | 6_2_00A47A4A
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A47CA7 | 6_2_00A47CA7
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A41C77 | 6_2_00A41C77
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A59EEE | 6_2_00A59EEE
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00AABE44 | 6_2_00AABE44
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A41F32 | 6_2_00A41F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 25_2_0000013D84072377 | 25_2_0000013D84072377
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 25_2_0000013D84099BF2 | 25_2_0000013D84099BF2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 25_2_0000013D8409A31C | 25_2_0000013D8409A31C
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 25_2_0000013D84099C3225_2_0000013D84099C32
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00A29CB3 appears 31 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00A40A30 appears 46 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 00A3F9F2 appears 40 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engineClassification label: mal72.troj.evad.winEXE@34/34@67/13
Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A937B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A810BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A816C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A951CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A8D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A9648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A242A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5896:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3664:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6328:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6752:120:WilError_03
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1196:120:WilError_03
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user~1\AppData\Local\Temp\firefox
Source: file.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: firefox.exe, 00000015.00000003.1493943679.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1540589878.0000021B4E523000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549493938.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545120499.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000015.00000003.1493943679.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549493938.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545120499.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000015.00000003.1493943679.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549493938.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545120499.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000015.00000003.1493943679.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549493938.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545120499.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000015.00000003.1539455102.0000021B512D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1493943679.0000021B59F58000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;
Source: firefox.exe, 00000015.00000003.1493943679.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549493938.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545120499.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000015.00000003.1493943679.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549493938.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545120499.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000015.00000003.1493943679.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549493938.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545120499.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000015.00000003.1493943679.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549493938.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545120499.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000015.00000003.1493943679.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1487438059.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1511872467.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549493938.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545120499.0000021B59FBD000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: file.exe | ReversingLabs: Detection: 47%
Source: unknown | Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd956a1-f7c7-40ea-b0b0-151e89722d44} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b4116f710 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -parentBuildID 20230927232528 -prefsHandle 3844 -prefMapHandle 3840 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15267f41-787e-4fd2-b2ec-a17f3364382c} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b5132c710 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36bb9eb2-49bf-4de6-88b9-2a1086be9ba2} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b5923d710 utility
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd956a1-f7c7-40ea-b0b0-151e89722d44} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b4116f710 socket
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -parentBuildID 20230927232528 -prefsHandle 3844 -prefMapHandle 3840 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15267f41-787e-4fd2-b2ec-a17f3364382c} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b5132c710 rdd
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36bb9eb2-49bf-4de6-88b9-2a1086be9ba2} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b5923d710 utility
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
Source: C:\Users\user\Desktop\file.exe | Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: UxTheme.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rsaenh.pdb source: firefox.exe, 00000015.00000003.1551629759.0000021B5941E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winsta.pdb source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: bcrypt.pdb source: firefox.exe, 00000015.00000003.1530652059.0000021B52496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518836690.0000021B52494000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdb source: firefox.exe, 00000015.00000003.1528029029.0000021B535AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1528201878.0000021B5355E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000015.00000003.1546005065.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516925060.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527203885.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msvcrt.pdb source: firefox.exe, 00000015.00000003.1530264857.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518418484.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xWindows.StateRepositoryPS.pdb source: firefox.exe, 00000015.00000003.1550853010.0000021B5943F000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000015.00000003.1538721299.0000021B514BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558114162.0000021B514C1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8WinTypes.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: UxTheme.pdb source: firefox.exe, 00000015.00000003.1533211442.0000021B534C6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xul.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nssckbi.pdb source: firefox.exe, 00000015.00000003.1525059360.0000021B54BF3000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mozglue.pdb source: firefox.exe, 00000015.00000003.1530652059.0000021B52496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518836690.0000021B52494000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dcomp.pdb source: firefox.exe, 00000015.00000003.1515909502.0000021B54344000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: cryptsp.pdb source: firefox.exe, 00000015.00000003.1551629759.0000021B5941E000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8dhcpcsvc6.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: firefox.exe, 00000015.00000003.1538721299.0000021B514BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558114162.0000021B514C1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: CLBCatQ.pdb source: firefox.exe, 00000015.00000003.1516925060.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1546005065.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516925060.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527203885.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527309730.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntmarta.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: urlmon.pdb source: firefox.exe, 00000015.00000003.1552396712.0000021B546C7000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8twinapi.appcore.pdb source: firefox.exe, 00000015.00000003.1558580653.0000021B512F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539250685.0000021B512F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558532886.0000021B512F8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000015.00000003.1538721299.0000021B514BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558114162.0000021B514C1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8kernelbase.pdb source: firefox.exe, 00000015.00000003.1539455102.0000021B512D5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shlwapi.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: crypt32.pdb kIR source: firefox.exe, 00000015.00000003.1530652059.0000021B52496000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000015.00000003.1520934431.0000021B52233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1556747698.0000021B52233000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8CoreMessaging.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: win32u.pdb source: firefox.exe, 00000015.00000003.1554046921.0000021B52D3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1530264857.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1534991543.0000021B52D3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518418484.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dwmapi.pdb source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8bcryptprimitives.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: firefox.pdb source: firefox.exe, 00000015.00000003.1518961313.0000021B52468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1536360804.0000021B52468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1520194111.0000021B52252000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: srvcli.pdb source: firefox.exe, 00000015.00000003.1552396712.0000021B546C7000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: imm32.pdb source: firefox.exe, 00000015.00000003.1533510177.0000021B53491000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: freebl3.pdb source: firefox.exe, 00000015.00000003.1525059360.0000021B54BF3000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\msvcp140.amd64.pdb source: firefox.exe, 00000015.00000003.1538721299.0000021B514BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558114162.0000021B514C1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ws2_32.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8imagehlp.pdb source: firefox.exe, 00000015.00000003.1558280481.0000021B5147B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1538913788.0000021B514B0000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdb source: firefox.exe, 00000015.00000003.1546005065.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516925060.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527203885.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbgcore.pdb@ source: firefox.exe, 00000015.00000003.1516925060.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527309730.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdbdropNullPlaceholders source: firefox.exe, 00000015.00000003.1546005065.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516925060.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527203885.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8gkcodecs.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8iphlpapi.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winmm.pdb source: firefox.exe, 00000015.00000003.1516925060.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527309730.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: firefox.exe, 00000015.00000003.1538721299.0000021B514BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558114162.0000021B514C1000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ole32.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8CoreUIComponents.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8cryptbase.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8cfgmgr32.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msasn1.pdb source: firefox.exe, 00000015.00000003.1528029029.0000021B535AF000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: DWrite.pdb source: firefox.exe, 00000015.00000003.1528029029.0000021B535AF000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: combase.pdb source: firefox.exe, 00000015.00000003.1533211442.0000021B534C6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mswsock.pdbvalidation_failed source: firefox.exe, 00000015.00000003.1546005065.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516925060.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527203885.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8dhcpcsvc.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8msvcp140.amd64.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nss3.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ncrypt.pdb source: firefox.exe, 00000015.00000003.1524794281.0000021B54D8B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8webauthn.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Kernel.Appcore.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8ColorAdapterClient.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558532886.0000021B512F8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wsock32.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: UMPDC.pdb source: firefox.exe, 00000015.00000003.1525228533.0000021B54BB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1515003943.0000021B54BB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1515003943.0000021B54BDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525228533.0000021B54BDD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wininet.pdb source: firefox.exe, 00000015.00000003.1525059360.0000021B54BF3000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8kernel32.pdb source: firefox.exe, 00000015.00000003.1539455102.0000021B512D5000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8oleaut32.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: rpcrt4.pdb source: firefox.exe, 00000015.00000003.1530264857.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518418484.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8TextInputFramework.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: wshbth.pdb source: firefox.exe, 00000015.00000003.1546005065.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516925060.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527203885.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000015.00000003.1546005065.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516925060.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527203885.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8InputHost.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8ucrtbase.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: xOneCoreUAPCommonProxyStub.pdb source: firefox.exe, 00000015.00000003.1550274204.0000021B59747000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: twinapi.pdbP4 source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shcore.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: userenv.pdbvar(--color-gray-60) source: firefox.exe, 00000015.00000003.1515909502.0000021B54344000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: shell32.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sspicli.pdb source: firefox.exe, 00000015.00000003.1524794281.0000021B54D8B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8taskschd.pdb source: firefox.exe, 00000015.00000003.1558280481.0000021B5147B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558280481.0000021B51445000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539006578.0000021B51445000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8msvcp_win.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8wtsapi32.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: freebl3.pdb0 source: firefox.exe, 00000015.00000003.1515003943.0000021B54BDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525228533.0000021B54BDD000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dnsapi.pdb source: firefox.exe, 00000015.00000003.1546005065.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516925060.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527203885.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: userenv.pdb source: firefox.exe, 00000015.00000003.1526190479.0000021B5438A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1515736924.0000021B5438A000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.UI.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: nlaapi.pdb source: firefox.exe, 00000015.00000003.1546005065.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516925060.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527203885.0000021B536F6000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: winhttp.pdb source: firefox.exe, 00000015.00000003.1532323127.0000021B59251000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msimg32.pdb source: firefox.exe, 00000015.00000003.1552061746.0000021B54D93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1524794281.0000021B54D8B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntasn1.pdb source: firefox.exe, 00000015.00000003.1552061746.0000021B54D93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1524794281.0000021B54D8B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: devobj.pdb source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8advapi32.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.Storage.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbghelp.pdb source: firefox.exe, 00000015.00000003.1516925060.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1528029029.0000021B535AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527309730.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8netprofm.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: profapi.pdb source: firefox.exe, 00000015.00000003.1516925060.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527309730.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: gdi32.pdb source: firefox.exe, 00000015.00000003.1530081986.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518223736.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1534855493.0000021B52E6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1554046921.0000021B52D3F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1534991543.0000021B52D3F000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.Globalization.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558532886.0000021B512F8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: avrt.pdb source: firefox.exe, 00000015.00000003.1552061746.0000021B54D93000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1524794281.0000021B54D8B000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: WLDP.pdb source: firefox.exe, 00000015.00000003.1553212343.0000021B53535000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: sechost.pdb source: firefox.exe, 00000015.00000003.1530264857.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518418484.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8directmanipulation.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8setupapi.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8vcruntime140_1.amd64.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: propsys.pdb source: firefox.exe, 00000015.00000003.1528029029.0000021B535AF000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8lgpllibs.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.21.dr
    Source: Binary string: 8vcruntime140.amd64.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8gdi32full.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512DC000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: msctf.pdb source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: version.pdb source: firefox.exe, 00000015.00000003.1528029029.0000021B535AF000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dbgcore.pdb source: firefox.exe, 00000015.00000003.1516925060.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1527309730.0000021B536EA000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mscms.pdb source: firefox.exe, 00000015.00000003.1515909502.0000021B54344000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: user32.pdb source: firefox.exe, 00000015.00000003.1530264857.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518418484.0000021B5249C000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: twinapi.pdb source: firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.21.dr
    Source: Binary string: 8wintrust.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: psapi.pdb source: firefox.exe, 00000015.00000003.1528029029.0000021B535AF000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: mozglue.pdben source: firefox.exe, 00000015.00000003.1530652059.0000021B52496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518836690.0000021B52494000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8WindowManagementAPI.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: ntdll.pdb source: firefox.exe, 00000015.00000003.1530652059.0000021B52496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518836690.0000021B52494000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: dxgi.pdb source: firefox.exe, 00000015.00000003.1515909502.0000021B54344000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8npmproxy.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512EE000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8linkinfo.pdb source: firefox.exe, 00000015.00000003.1558280481.0000021B51445000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539006578.0000021B51445000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: 8Windows.UI.Immersive.pdb source: firefox.exe, 00000015.00000003.1539250685.0000021B512F2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1558532886.0000021B512F8000.00000004.00000800.00020000.00000000.sdmp
    Source: Binary string: crypt32.pdb source: firefox.exe, 00000015.00000003.1530652059.0000021B52496000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518836690.0000021B52494000.00000004.00000800.00020000.00000000.sdmp
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,6_2_00A242DE
    Source: gmpopenh264.dll.tmp.21.dr Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A40A76 push ecx; ret 6_2_00A40A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00A3F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,6_2_00A3F98E
    Source: C:\Users\user\Desktop\file.exe Code function: 6_2_00AB1C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,6_2_00AB1C41
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_6-96330
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 25_2_0000013D84072377 rdtsc 25_2_0000013D84072377
    Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.6 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A8DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,6_2_00A8DBBE
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A5C2A2 FindFirstFileExW,6_2_00A5C2A2
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A968EE FindFirstFileW,FindClose,6_2_00A968EE
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A9698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,6_2_00A9698F
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A8D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00A8D076
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A8D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00A8D3A9
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A99642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00A99642
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A9979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00A9979D
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A99B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,6_2_00A99B2B
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A95C97 FindFirstFileW,FindNextFileW,FindClose,6_2_00A95C97
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,6_2_00A242DE
    Source: firefox.exe, 0000001B.00000002.2540549179.0000021E1D400000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWu
    Source: firefox.exe, 00000019.00000002.2534246215.0000013D836FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWpM
    Source: firefox.exe, 00000017.00000002.2535062671.000001B724A1A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp
    Source: firefox.exe, 0000001B.00000002.2534674371.0000021E1CF7A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`(@
    Source: firefox.exe, 00000017.00000002.2542002824.000001B725000000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllE
    Source: firefox.exe, 00000019.00000002.2540670097.0000013D83F60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000017.00000002.2541189764.000001B724F1F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000017.00000002.2542002824.000001B725000000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
    Source: firefox.exe, 00000017.00000002.2535062671.000001B724A46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
    Source: firefox.exe, 00000017.00000002.2542002824.000001B725000000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2540670097.0000013D83F60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 25_2_0000013D84072377 rdtsc 25_2_0000013D84072377
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A9EAA2 BlockInput,6_2_00A9EAA2
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A52622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00A52622
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,6_2_00A242DE
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A44CE8 mov eax, dword ptr fs:[00000030h]6_2_00A44CE8
    Source: C:\Users\user\Desktop\file.exeCode function: 6_2_00A80B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,6_2_00A80B62
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A52622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A4083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A409D5 SetUnhandledExceptionFilter
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A40C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A81201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A62BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A8B226 SendInput,keybd_event
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00AA22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A80B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A81663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid
    Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: file.exe | Binary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A40698 cpuid
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A98195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A7D27A GetUserNameW
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A5B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00A242DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: file.exe PID: 6492, type: MEMORYSTR
    Source: file.exe | Binary or memory string: WIN_81
    Source: file.exe | Binary or memory string: WIN_XP
    Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: file.exe | Binary or memory string: WIN_XPe
    Source: file.exe | Binary or memory string: WIN_VISTA
    Source: file.exe | Binary or memory string: WIN_7
    Source: file.exe | Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: file.exe PID: 6492, type: MEMORYSTR
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00AA1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
    Source: C:\Users\user\Desktop\file.exe | Code function: 6_2_00AA1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
    MITRE ATT&CK Matrix (the number in parentheses is the count of matching signatures; techniques without a number were not matched)

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
    Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
    Execution: Windows Management Instrumentation (1); Native API (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
    Persistence: DLL Side-Loading (1); Valid Accounts (2); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
    Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Extra Window Memory Injection (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (2); Startup Items; Scheduled Task/Job; At; Cron
    Defense Evasion: Disable or Modify Tools (2); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Extra Window Memory Injection (1); Masquerading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (1); Access Token Manipulation (21); Process Injection (2)
    Credential Access: Input Capture (21); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
    Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (16); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (3); Application Window Discovery (1); System Owner/User Discovery (1); Network Service Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
    Collection: Archive Collected Data (1); Input Capture (21); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
    Command and Control: Ingress Tool Transfer (2); Encrypted Channel (12); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
    Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
    Behavior Graph (ID: 1545403, Sample: file.exe, Startdate: 30/10/2024, Architecture: WINDOWS, Score: 72). The graph image did not survive extraction; the information recoverable from it follows.
    Top-level signatures: Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; Binary is likely a compiled AutoIt script file; 2 other signatures. Top-level network: youtube.com, youtube-ui.l.google.com, 34 other IPs or domains.
    Process tree: file.exe (signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection) started three taskkill.exe instances, each with a conhost.exe child, and 3 other processes, two of which started conhost.exe. firefox.exe started a child firefox.exe, which started three further firefox.exe processes, contacted 142.250.113.113:443 (GOOGLEUS, United States), youtube.com 142.250.186.110:443 (GOOGLEUS, United States) and 11 other IPs or domains, and dropped C:\Users\user\AppData\...\gmpopenh264.dll.tmp (PE32+) and C:\Users\user\...\gmpopenh264.dll (copy) (PE32+).

    Antivirus, Machine Learning and Genetic Malware Detection

    Source | Detection | Scanner | Label | Link
    file.exe | 47% | ReversingLabs | Win32.Trojan.CredentialFlusher |
    file.exe | 100% | Joe Sandbox ML | |

    Dropped files

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
                                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox-firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_lfirefox.exe, 00000015.00000003.1530081986.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518223736.0000021B52E57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D3C3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://detectportal.firefox.com/firefox.exe, 00000015.00000003.1489622784.0000021B5947D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://detectportal.firefox.com0firefox.exe, 00000015.00000003.1525327180.0000021B54B62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B62000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490827239.0000021B54B62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://datastudio.google.com/embed/reporting/firefox.exe, 00000015.00000003.1493505910.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1486861447.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1548909698.0000021B5CE9D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://www.mozilla.com0gmpopenh264.dll.tmp.21.drfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecyclfirefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1371050385.0000021B54C5C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://merino.services.mozilla.com/api/v1/suggestfirefox.exe, 00000019.00000002.2537089646.0000013D83A86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D38E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protectfirefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://www.leboncoin.fr/firefox.exe, 00000015.00000003.1531040704.0000021B59758000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1376073997.0000021B5206D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://spocs.getpocket.com/spocsfirefox.exe, 00000015.00000003.1514381628.0000021B594B7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill | firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://screenshots.firefox.com | firefox.exe, 00000015.00000003.1540773575.0000021B4DF50000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://shavar.services.mozilla.com | firefox.exe, 00000015.00000003.1559149665.0000021B4E5BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E5BA000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://completion.amazon.com/search/complete?q= | firefox.exe, 00000015.00000003.1385015673.0000021B594AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1327899043.0000021B4F87F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1327130604.0000021B4F840000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1326434610.0000021B50C00000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://ads.stickyadstv.com/firefox-etp | firefox.exe, 00000015.00000003.1537697076.0000021B51BBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1537697076.0000021B51BD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518961313.0000021B52468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1536360804.0000021B52468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1537697076.0000021B51B52000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1382746493.0000021B597A8000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://identity.mozilla.com/ids/ecosystem_telemetryU | firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://monitor.firefox.com/breach-details/ | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://github.com/w3c/csswg-drafts/issues/4650 | firefox.exe, 00000015.00000003.1515263688.0000021B543FA000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550274204.0000021B59747000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1326434610.0000021B50C00000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://profiler.firefox.com/ | firefox.exe, 00000015.00000003.1559633587.0000021B4E561000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.msn.com | firefox.exe, 00000015.00000003.1495640468.0000021B54340000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://github.com/mozilla-services/screenshots | firefox.exe, 00000015.00000003.1327639094.0000021B4F860000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1326736401.0000021B4F821000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1327130604.0000021B4F840000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1326434610.0000021B50C00000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://services.addons.mozilla.org/api/v4/addons/addon/ | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def | firefox.exe, 00000015.00000003.1377937560.0000021B59994000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://tracking-protection-issues.herokuapp.com/new | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://youtube.com/ | firefox.exe, 00000015.00000003.1534855493.0000021B52E6B000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://content-signature-2.cdn.mozilla.net/ | firefox.exe, 00000015.00000003.1489295893.0000021B594FA000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK | firefox.exe, 00000015.00000003.1487438059.0000021B59FEE000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://app.adjust.com/167k4ih?campaign=firefox-desktop&adgroup=pb&creative=focus-omc172&redirect=ht | firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://api.accounts.firefox.com/v1 | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.amazon.com/ | firefox.exe, 00000015.00000003.1487715466.0000021B59BAE000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | | unknown
https://fpn.firefox.com | firefox.exe, 00000015.00000003.1540773575.0000021B4DF50000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.youtube.com/ | firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83A0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D30C000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1283601 | firefox.exe, 00000015.00000003.1407801495.0000021B51C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1437305822.0000021B52AE2000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://MD8.mozilla.org/1/m | firefox.exe, 00000015.00000003.1558836562.0000021B4EE4B000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.bbc.co.uk/ | firefox.exe, 00000015.00000003.1531040704.0000021B59758000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://addons.mozilla.org/firefox/addon/to-google-translate/ | firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang= | firefox.exe, 00000015.00000003.1552162694.0000021B54D3C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552216069.0000021B54B2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D3C3000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://127.0.0.1: | firefox.exe, 00000015.00000003.1558673322.0000021B50C87000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | | unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1266220 | firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152 | firefox.exe, 00000015.00000003.1463898068.0000021B52531000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://bugzilla.mo | firefox.exe, 00000015.00000003.1516532692.0000021B53AB5000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://mitmdetection.services.mozilla.com/ | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://static.adsafeprotected.com/firefox-etp-js | firefox.exe, 00000015.00000003.1537697076.0000021B51BD8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1518961313.0000021B52468000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59728000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1536360804.0000021B52468000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://youtube.com/account?= | recovery.jsonlz4.tmp.21.dr | false | | unknown
https://shavar.services.mozilla.com/ | firefox.exe, 00000015.00000003.1539006578.0000021B51445000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg | firefox.exe, 00000017.00000002.2537553448.000001B724DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000019.00000002.2537089646.0000013D83AE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2540788041.0000021E1D503000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.21.dr | false | URL Reputation: safe | unknown
https://spocs.getpocket.com/ | firefox.exe, 00000019.00000002.2537089646.0000013D83A12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000001B.00000002.2537662931.0000021E1D313000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://services.addons.mozilla.org/api/v4/abuse/report/addon/ | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE% | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://www.iqiyi.com/ | firefox.exe, 00000015.00000003.1531040704.0000021B59758000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_r | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | | unknown
https://monitor.firefox.com/user/breach-stats?includeResolved=true | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://addons.mozilla.org/ | firefox.exe, 00000015.00000003.1487715466.0000021B59BAE000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://bugzilla.mozilla.org/show_bug.cgi?id=1584464 | firefox.exe, 00000015.00000003.1515263688.0000021B543FA000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://a9.com/-/spec/opensearch/1.0/ | firefox.exe, 00000015.00000003.1531040704.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1375920286.0000021B5207B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550181155.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
https://safebrowsing.google.com/safebrowsing/diagnostic?site= | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
http://www.inbox.lv/rfc2368/?value=%su | firefox.exe, 00000015.00000003.1559585311.0000021B4E587000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp | false | | unknown
https://monitor.firefox.com/user/dashboard | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
https://monitor.firefox.com/about | firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmp | false | URL Reputation: safe | unknown
http://mozilla.org/MPL/2.0/. | firefox.exe, 00000015.00000003.1516407191.0000021B5430A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1499301063.0000021B533DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1456250960.0000021B54C44000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1554046921.0000021B52DEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458269146.0000021B54CE0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1478383532.0000021B52881000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1478182764.0000021B52A9D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1452669679.0000021B511F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1389613842.0000021B52732000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1517058060.0000021B533DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1406127904.0000021B52A8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525228533.0000021B54BB6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1450687906.0000021B5287D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1538606149.0000021B514EA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1410557656.0000021B5287D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1452669679.0000021B511D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1404093488.0000021B52AA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1406127904.0000021B52A6B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000015.00000003.1463898068.0000021B52538000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1540589878.0000021B4E523000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1411337016.0000021B52A8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://account.bellmedia.cfirefox.exe, 00000015.00000003.1495640468.0000021B54340000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            http://youtube.com/firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://login.microsoftonline.comfirefox.exe, 00000015.00000003.1495640468.0000021B54340000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://coverage.mozilla.orgfirefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.21.drfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839firefox.exe, 00000015.00000003.1377937560.0000021B59994000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://www.zhihu.com/firefox.exe, 00000015.00000003.1490827239.0000021B54B12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1525327180.0000021B54B12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://x1.c.lencr.org/0firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490294790.0000021B54D62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://x1.i.lencr.org/0firefox.exe, 00000015.00000003.1496738850.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1516532692.0000021B53ADD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1545838347.0000021B53AEF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1490294790.0000021B54D62000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://a9.com/-/spec/opensearch/1.1/firefox.exe, 00000015.00000003.1531040704.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1375920286.0000021B5207B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550181155.0000021B59762000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://infra.spec.whatwg.org/#ascii-whitespacefirefox.exe, 00000015.00000003.1456250960.0000021B54C53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1458452045.0000021B54C53000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://blocked.cdn.mozilla.net/firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://json-schema.org/draft/2019-09/schemafirefox.exe, 00000015.00000003.1489295893.0000021B594CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1385015673.0000021B594CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1550754594.0000021B594D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1514225567.0000021B594CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1523095027.0000021B594CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1376073997.0000021B5206D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://duckduckgo.com/?t=ffab&q=firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://profiler.firefox.comfirefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559441777.0000021B4E59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://identity.mozilla.com/apps/relayfirefox.exe, 00000015.00000003.1498608806.0000021B53581000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1553118480.0000021B53583000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1528201878.0000021B5357B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://mozilla.cloudflare-dns.com/dns-queryfirefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2firefox.exe, 00000015.00000003.1532917770.0000021B5434F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1495640468.0000021B54344000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1515909502.0000021B54344000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1552716207.0000021B54353000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1678448firefox.exe, 00000015.00000003.1407801495.0000021B51C2E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1407040895.0000021B51C1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1437305822.0000021B52AE2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://mail.yahoo.co.jp/compose/?To=%sfirefox.exe, 00000015.00000003.1544518795.0000021B4E825000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1485662099.0000021B4E839000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1559441777.0000021B4E59A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1539857757.0000021B4E586000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343821270.0000021B4E833000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1343367332.0000021B4E82A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1337170172.0000021B4E833000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/firefox.exe, 00000015.00000003.1516532692.0000021B53A19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1526629943.0000021B53A19000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://contile.services.mozilla.com/v1/tilesfirefox.exe, 00000015.00000003.1514381628.0000021B594B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://www.amazon.co.uk/firefox.exe, 00000015.00000003.1531040704.0000021B59758000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1383746328.0000021B59753000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1376073997.0000021B5206D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1488892184.0000021B59727000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/firefox.exe, 00000015.00000003.1498048637.0000021B535CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000003.1549027929.0000021B5CE5A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://monitor.firefox.com/user/preferencesfirefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000019.00000002.2536342364.0000013D83980000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.2536344667.0000021E1D040000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
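Every URL row in this part of the table cites firefox.exe memory dumps (process indices 0x15, 0x17, 0x19 and 0x1B) or a file that process 21 dropped (gmpopenh264.dll.tmp.21.dr), and every row is marked Malicious: false. Read as evidence, these are strings from the sandbox's own Firefox 118 (see the analysis system description below), not traffic originated by file.exe. The Python below is an added triage example, not part of the Joe Sandbox report or its tooling: it parses rows in the (name, source, malicious) shape used here and keeps only URLs whose evidence comes from a non-browser process, attributing a dropped file to the process index that wrote it. URL_ROWS is constructed from rows above plus one hypothetical file.exe-sourced row whose address (RFC 5737 space), path and dump id are invented for illustration; reading the dump id's first field as a hexadecimal process index is an inference from 0x15 = 21 matching the ".21.dr" suffix.

```python
"""Triage helper for Joe Sandbox-style 'URLs from memory and binaries' rows (added example)."""
import re

# Constructed excerpt: (name, source column, malicious) tuples copied from the URL table.
# The source column lists "<process image>, <memory dump id>" pairs, or
# "<file>.<process index>.dr" for a dropped file.
URL_ROWS = [
    ("https://login.microsoftonline.com",
     "firefox.exe, 00000015.00000003.1495640468.0000021B54340000.00000004.00000800.00020000.00000000.sdmp",
     "false"),
    ("http://crl.thawte.com/ThawteTimestampingCA.crl0",
     "gmpopenh264.dll.tmp.21.dr",
     "false"),
    ("https://contile.services.mozilla.com/v1/tiles",
     "firefox.exe, 00000015.00000003.1514381628.0000021B594B7000.00000004.00000800.00020000.00000000.sdmp, "
     "firefox.exe, 00000017.00000002.2540850920.000001B724E40000.00000002.10000000.00040000.00000000.sdmp",
     "false"),
    # Hypothetical row (not from this report; RFC 5737 address, invented dump id) showing
    # how a URL whose only evidence is the submitted sample's own memory would stand out.
    ("http://203.0.113.10/check-in",
     "file.exe, 00000000.00000002.1000000000.0000000000400000.00000040.00000001.01000000.00000000.sdmp",
     "false"),
]

# Dump ids look like 00000015.00000003.<counter>.<base>.<4 x 8 hex>.sdmp. The leading field is
# taken to be the process index in hex (assumption: 0x15 = 21 matches the ".21.dr" suffix).
DUMP_RE = re.compile(r"^([0-9A-F]{8})\.[0-9A-F]{8}\.\d+\.[0-9A-F]{16}(?:\.[0-9A-F]{8}){4}\.sdmp$")
DROP_RE = re.compile(r"^(.+)\.(\d+)\.dr$")

# Processes the analysis machine runs on its own (Firefox 118 per the system description).
BROWSER_IMAGES = frozenset({"firefox.exe"})


def parse_sources(source_col):
    """Return [(image or 'dropped:<file>', process_index, artefact), ...] for one source column."""
    items = [s.strip() for s in source_col.split(",") if s.strip()]
    out, i = [], 0
    while i < len(items):
        m = DROP_RE.match(items[i])
        if m:  # dropped file: "<file>.<decimal process index>.dr"
            out.append(("dropped:" + m.group(1), int(m.group(2)), items[i]))
            i += 1
            continue
        if i + 1 >= len(items):
            raise ValueError(f"process image {items[i]!r} has no memory dump after it")
        m = DUMP_RE.match(items[i + 1])
        if not m:
            raise ValueError(f"unexpected source entry after {items[i]!r}: {items[i + 1]!r}")
        out.append((items[i], int(m.group(1), 16), items[i + 1]))
        i += 2
    return out


def process_map(rows):
    """Map process index -> image name, learned from every memory-dump source in the table."""
    idx_to_image = {}
    for _name, source_col, _malicious in rows:
        for image, idx, _artefact in parse_sources(source_col):
            if not image.startswith("dropped:"):
                idx_to_image[idx] = image
    return idx_to_image


def triage(rows, browser_images=BROWSER_IMAGES):
    """Return (name, owning images, malicious) for URLs not backed solely by browser evidence."""
    idx_to_image = process_map(rows)
    noteworthy = []
    for name, source_col, malicious in rows:
        # A dropped file is attributed to the process that wrote it, when that index is known.
        owners = {idx_to_image.get(idx, image) for image, idx, _ in parse_sources(source_col)}
        if not owners <= browser_images:
            noteworthy.append((name, sorted(owners), malicious))
    return noteworthy


if __name__ == "__main__":
    for name, owners, malicious in triage(URL_ROWS):
        print(f"{name}  owners={owners}  malicious={malicious}")
```

Run against the four constructed rows, only the hypothetical file.exe row survives; the three report rows are dropped because their dumps, and the dropped file, all trace back to firefox.exe. The process map is built over the whole table first, which is what lets a ".21.dr" artefact be tied to the firefox.exe dumps whose index is 0x15.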
IP | Domain | Country | ASN | ASN Name | Malicious
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
142.250.113.113 | unknown | United States | 15169 | GOOGLEUS | false
151.101.193.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
142.250.186.110 | youtube.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false

IP
127.0.0.1
                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                    Analysis ID:1545403
                                                                                                                    Start date and time:2024-10-30 14:17:51 +01:00
                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                    Overall analysis duration:0h 7m 20s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Cookbook file name:default.jbs
                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                    Number of analysed new started processes analysed:32
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal72.troj.evad.winEXE@34/34@67/13
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 40
• Number of non-executed functions: 314
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 54.185.230.140, 35.160.212.113, 52.11.191.138, 142.250.185.138, 216.58.206.74, 216.58.206.46, 2.22.61.72, 2.22.61.56, 142.250.185.206, 142.250.186.78
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, otelrules.azureedge.net, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, time.windows.com, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, redirector.gvt1.com, safebrowsing.googleapis.com, location.services.mozilla.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• VT rate limit hit for: file.exe
Time | Type | Description
09:19:04 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
34.117.188.166 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
151.101.193.91 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.149.100.209 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
34.149.100.209 | file.exe | malicious | Credential Flusher
Match | Associated Sample Name / URL | Detection | Threat Name | Context (bulleted under each row)
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 93.184.215.14
example.org | file.exe | malicious | Credential Flusher
• 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 93.184.215.14
example.org | file.exe | malicious | Credential Flusher
• 93.184.215.14
example.org | file.exe | malicious | Credential Flusher
• 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 93.184.215.14
example.org | file.exe | malicious | Credential Flusher
• 93.184.215.14
example.org | file.exe | malicious | Credential Flusher
• 93.184.215.14
example.org | file.exe | malicious | Credential Flusher
• 93.184.215.14
star-mini.c10r.facebook.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 157.240.252.35
star-mini.c10r.facebook.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 157.240.253.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher
• 157.240.252.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher
• 157.240.0.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher
• 157.240.0.35
star-mini.c10r.facebook.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 157.240.253.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher
• 157.240.0.35
star-mini.c10r.facebook.com | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc
• 157.240.253.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher
• 157.240.0.35
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher
• 157.240.251.35
twitter.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 104.244.42.129
twitter.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 104.244.42.193
twitter.com | file.exe | malicious | Credential Flusher
• 104.244.42.65
twitter.com | file.exe | malicious | Credential Flusher
• 104.244.42.1
twitter.com | file.exe | malicious | Credential Flusher
• 104.244.42.1
twitter.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 104.244.42.129
twitter.com | file.exe | malicious | Credential Flusher
• 104.244.42.129
twitter.com | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc
• 104.244.42.65
twitter.com | file.exe | malicious | Credential Flusher
• 104.244.42.1
twitter.com | file.exe | malicious | Credential Flusher
• 104.244.42.1
Match | Associated Sample Name / URL | Detection | Threat Name | Context (bulleted under each row)
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | Credential Flusher
• 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | Credential Flusher
• 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | app64.exe | malicious | Unknown
• 34.117.59.81
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | Credential Flusher
• 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | Credential Flusher
• 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | Credential Flusher
• 34.117.188.166
ATGS-MMD-ASUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 34.160.144.191
ATGS-MMD-ASUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 34.160.144.191
ATGS-MMD-ASUS | file.exe | malicious | Credential Flusher
• 34.160.144.191
ATGS-MMD-ASUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 34.160.144.191
ATGS-MMD-ASUS | file.exe | malicious | Credential Flusher
• 34.160.144.191
ATGS-MMD-ASUS | file.exe | malicious | Credential Flusher
• 34.160.144.191
ATGS-MMD-ASUS | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc
• 34.160.144.191
ATGS-MMD-ASUS | file.exe | malicious | Credential Flusher
• 34.160.144.191
ATGS-MMD-ASUS | file.exe | malicious | Credential Flusher
• 34.160.144.191
ATGS-MMD-ASUS | file.exe | malicious | Credential Flusher
• 34.160.144.191
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
fb0aa01abe9d8e4037eb3473ca6e2dca | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
 | file.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
 | file.exe | Get hash | malicious | Credential Flusher | Browse | 35.244.181.201, 142.250.113.113, 151.101.193.91, 34.149.100.209, 34.160.144.191, 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
 | file.exe | Get hash | malicious | Credential Flusher | Browse |
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 7957
Entropy (8bit): 5.174987918693384
Encrypted: false
SSDEEP: 192:YovMvMXZVOcbhbVbTbfbRbObtbyEl7nENGJA6unSrDtTkd/S98:YovFWcNhnzFSJkNF1nSrDhkd/c8
MD5: 60E87DE006EB1C41E58458E41CACCF9D
SHA1: 932D883E16764BF156E07EECABE85761C56BD36C
SHA-256: B7242289933DBCF2F4A7E97509DEF568AD95B07B3641AE589BECE5D19145438D
SHA-512: E6943776EB79C5FB57DEFCBFCBBE306ED81920C7122F105D5C3B80B1D9B2FFE5481C08793E790911596EBF94CC70F99B0A54BEE24F18156D5FA9678ED12B3E9F
Malicious: false
Preview: {"type":"uninstall","id":"be74e065-5293-48e6-92c7-83b4bccd00e7","creationDate":"2024-10-30T14:48:39.005Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"a12d1cd1-4ce7-42ab-ae29-5c019c43f6ba","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256: E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512: F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious: false
Preview: ... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):453023
                                                                                                                                                                                                                        Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                        MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                        SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                        SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                        SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4514
                                                                                                                                                                                                                        Entropy (8bit):4.941115674897494
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLb68P:8S+Oc+UAOdwiOdKeQjDLb68P
                                                                                                                                                                                                                        MD5:FFA97AFED3E42A1316FDD297C32B5472
                                                                                                                                                                                                                        SHA1:15DEE947F075F92B8CBF6CF94652E9D50B7AF414
                                                                                                                                                                                                                        SHA-256:666494CB99AA9AC0671E30386BBE991A062DE6F7858EEDD86986E783388DA25E
                                                                                                                                                                                                                        SHA-512:874B1ED911713182BB20E610C6847B586CC9F1CE9A4C1094E9757080BE0EB2DD7832AA897D7ECA8315363DDDB7F759B7CB9C178B9AA201E83BDB993D9088CEA1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4514
                                                                                                                                                                                                                        Entropy (8bit):4.941115674897494
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:8S+OcaPUFqOdwNIOdvtkeQjvYZUBLb68P:8S+Oc+UAOdwiOdKeQjDLb68P
                                                                                                                                                                                                                        MD5:FFA97AFED3E42A1316FDD297C32B5472
                                                                                                                                                                                                                        SHA1:15DEE947F075F92B8CBF6CF94652E9D50B7AF414
                                                                                                                                                                                                                        SHA-256:666494CB99AA9AC0671E30386BBE991A062DE6F7858EEDD86986E783388DA25E
                                                                                                                                                                                                                        SHA-512:874B1ED911713182BB20E610C6847B586CC9F1CE9A4C1094E9757080BE0EB2DD7832AA897D7ECA8315363DDDB7F759B7CB9C178B9AA201E83BDB993D9088CEA1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"d14ccc2f-033b-49c7-a2e0-d7a247e302f1","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-05T07:41:33.819Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"mixed-content-level-2-roll-out-release-113":{"slug":"mixed-content-level-2-roll-out-release-113","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5318
                                                                                                                                                                                                                        Entropy (8bit):6.62067557672702
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
                                                                                                                                                                                                                        MD5:A0DD0256A122A64D1C1A98C36F89F368
                                                                                                                                                                                                                        SHA1:B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
                                                                                                                                                                                                                        SHA-256:EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
                                                                                                                                                                                                                        SHA-512:ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 23432 bytes
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5318
                                                                                                                                                                                                                        Entropy (8bit):6.62067557672702
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:V2YbKsKNU2xWrp327tGmD4wBON6h6cHaJVJuZMd0JGkkrwLUe:VTx2x2t0FDJ4NpwZMd0EJwLv
                                                                                                                                                                                                                        MD5:A0DD0256A122A64D1C1A98C36F89F368
                                                                                                                                                                                                                        SHA1:B82AF63B4A4261477DA4CD2AC34B4DD7BB5EBEA0
                                                                                                                                                                                                                        SHA-256:EE9278644D02739D27E4FD9D8006AD49D9A0D80AD251BA2C3F144A408F65A9F3
                                                                                                                                                                                                                        SHA-512:ED3AE377C1AD9E6694307CC60554665058541DD2BB80FEB1832616ACE39623E842DB3CD9153771ABD1874703DCBF4B81CABE050E2F2553D723A96A163AA41911
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:mozLz40..[....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                                        Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                        MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                        SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                        SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                        SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24
                                                                                                                                                                                                                        Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                        MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                        SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                        SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                        SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):262144
                                                                                                                                                                                                                        Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                        MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                        SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                        SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                        SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
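Three of the fields repeated in every entry above, Size (bytes), Entropy (8bit) and Encrypted, are what an analyst sorts a drop list by, so here is a worked check of how they relate. This is an added example written for this page, not Joe Sandbox code, and its threshold is an assumption: the report does not state the cut-off behind its Encrypted flag, only that the 453023-byte ZIP at 7.9977 is flagged true and the lz4 file at 6.6207 is not. The 24-byte JSON sample is the one shown verbatim in the preview above, and the function reproduces the report's 3.91829583405449 for it exactly; the SQLite page and the 64-symbol text are constructed. The deflated text carries the caveat a reader needs: compression pushes byte entropy to the same ceiling as encryption, so Encrypted:true on a ZIP (this one holds gmpopenh264.dll according to its own preview, and the report marks it Malicious:false) describes the byte distribution, not the presence of cryptography.

```python
import math
import random
import string
import zlib
from collections import Counter


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte, from 0.0 (a single
    byte value) to 8.0 (all 256 values equally likely). This is the quantity
    the report's 'Entropy (8bit)' field shows."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


# ASSUMPTION: the cut-off behind Joe Sandbox's 'Encrypted' flag is not
# published; 7.9 is an illustrative value chosen so that the ZIP in this
# report (7.9977) is flagged and the lz4 file (6.6207) is not.
HIGH_ENTROPY_THRESHOLD = 7.9


def high_entropy(data: bytes, threshold: float = HIGH_ENTROPY_THRESHOLD) -> bool:
    """An 'Encrypted'-style flag: True when the byte distribution is close to
    uniform. Deflate output trips it just as a ciphertext does."""
    return shannon_entropy_8bit(data) >= threshold


# Sample 1: the 24-byte JSON whose preview the report prints verbatim.
JSON_24 = b'{"schema":6,"addons":[]}'

# Sample 2 (constructed): one 32 KiB SQLite page, 16-byte magic then zero
# fill. A freshly created database is mostly such pages, which is why the
# 262144-byte database above scores 0.049 rather than "looking empty".
SQLITE_PAGE = b"SQLite format 3\x00" + b"\x00" * (32768 - 16)

# Sample 3 (constructed): 200 000 bytes over a 64-symbol alphabet from a
# seeded PRNG, about 6 bits of information per byte, then its deflate form.
_rng = random.Random(20241105)
_ALPHABET = (string.ascii_letters + string.digits + "+/").encode()
TEXT_6BIT = bytes(_rng.choices(_ALPHABET, k=200_000))
TEXT_6BIT_DEFLATED = zlib.compress(TEXT_6BIT, 9)


def entropy_report(samples: dict) -> dict:
    """Per sample name: (size in bytes, entropy rounded to 6 places,
    high-entropy flag), the three columns a triage table is built from."""
    return {
        name: (len(d), round(shannon_entropy_8bit(d), 6), high_entropy(d))
        for name, d in samples.items()
    }


if __name__ == "__main__":
    rows = entropy_report({
        "json_24": JSON_24,
        "sqlite_page": SQLITE_PAGE,
        "text_6bit": TEXT_6BIT,
        "text_6bit_deflated": TEXT_6BIT_DEFLATED,
    })
    for name, (size, ent, flag) in rows.items():
        print(f"{name:20s} size={size:7d} entropy={ent:.6f} high_entropy={flag}")
```

Run as a script it prints one line per sample: the JSON matches the report's value, the SQLite page sits near zero, the 6-bit text lands near 6.0 and is not flagged, and the same text after deflate is smaller yet scores above 7.9 and is flagged. That last pair is the point for this drop list: the entropy column separates structured from opaque bytes, and a second step (file type, magic bytes, whether a known decompressor accepts the data) is needed before reading Encrypted:true as anything more than "opaque".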
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):66
                                                                                                                                                                                                                        Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                        MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                        SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                        SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                        SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.186376962556299
Encrypted:false
SSDEEP:768:NI40vfXXQ4z6X4n44a4T4h4b4rhEhvj4Lw4m4x44g:NJhWvx
MD5:C2A8F76D683C9F86054CA7775732A180
SHA1:FB1F8B84825D53E58290E53D65F8A73C5794E281
SHA-256:4744AACB03666A594CF1BB6E6491105F0AB600259D8E0BA483164F2AE9C90221
SHA-512:F804B8CF7277D2F6E8AA8BDFFF099ECCEC00CE59FEB3F3EB47D5E4B36FBB2C23466233C966F53483F0DF365E13AB9BB9256B685645FC366A5A24C72907E54025
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{9f54712e-79e2-445b-974a-266a0185f206}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ASCII text
Category: dropped
Size (bytes): 116
Entropy (8bit): 4.968220104601006
Encrypted: false
SSDEEP: 3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5: 3D33CDC0B3D281E67DD52E14435DD04F
SHA1: 4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256: F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512: A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious: false
Preview: Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category: dropped
Size (bytes): 98304
Entropy (8bit): 0.07330992764995756
Encrypted: false
SSDEEP: 12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiT:DLhesh7Owd4+ji
MD5: 7377A955E394F9B398ACC0B859E98E91
SHA1: 51D0A8F617FAD2991943C6A3082570A295183908
SHA-256: 2DBAD86AC9EECBD93D7046B58C409B683FD3672AEC378E15670C175DE537D4F5
SHA-512: 93D208261C9A804614AAB02F13450FDFA285A957B131354BDF3EED9D37B47506C29F3BC39D16373EE86B45B27C141A32DA1756293C8AC57C40C828CE14D3C758
Malicious: false
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: data
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.034757609438718286
Encrypted: false
SSDEEP: 3:GtlstFqe65KadJ8+L9ltlstFqe65KadJ8+LY89//alEl:GtWtovvpltWtovvU89XuM
MD5: 832FD79726CA40A23E05F7924969D347
SHA1: 1426999B159784C11B020B42B008224FBB5B1C5E
SHA-256: 3EBA2FD67A3FC47B7BD00C5D7797642F060814AF963802715CA3DF2B645CD587
SHA-512: 22C65B39C36CF521137AE705F11F6AB607E5917437F239D1DC79D3585C63EADC6E2C782B80E329A3F78933319A56B656134A2E0D44E9C1CBC1FE06667C7AF1A7
Malicious: false
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: SQLite Write-Ahead Log, version 3007000
Category: dropped
Size (bytes): 32824
Entropy (8bit): 0.03901732751508375
Encrypted: false
SSDEEP: 3:Ol1HImeKP/oflmYlZT94wl8rEXsxdwhml8XW3R2:KxnYmYbJrl8dMhm93w
MD5: D151A4B0215B5D51E1ABF6DE5C07EE7A
SHA1: E588845783354969A3A4C641A4E273B54A1A4D34
SHA-256: C86AEC5C38D9108B9E0C968BFFC7CDEDB08D42853868B0454128AC44F44112CA
SHA-512: 8C0756B609C65C3D724E063EC9B48CB792DCC715CA7A4820C4D26F9B3100D579695B24D4AB160D0F9B5FEF3AAC3A0FC63BE9943D175D443FEEE127DB5927F235
Malicious: false
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ASCII text, with very long lines (1769), with CRLF line terminators
Category: dropped
Size (bytes): 13214
Entropy (8bit): 5.477573448471703
Encrypted: false
SSDEEP: 192:lbnSRkyYbBp6KqUCaX26VtuNzl5RHNBw8dVnSl:MeZqU1/alPwG0
MD5: 8FC6923F667722DC3198D0B13ABE3B7E
SHA1: 6C9D4382A97228270BD3DF83421A00F050319081
SHA-256: F6D382C02BDCD99E3F089FDD94C8EF4CC88F1AA8941538493A1DABF13189D82D
SHA-512: DA01A5524A7B502493E078A76370ACFE722FD365931D6B0284A44D25C534808B0858A297A925449E071E60788E8D88688C0661B2AECCB32797CA1E2AFBB0103A
Malicious: false
Preview: // Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "27fb6245-bd08-4de6-8f4d-2ece3f597752");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1730299689);..user_pref("app.update.lastUpdateTime.background-update-timer", 1730299689);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1730299689);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173029
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):65536
                                                                                                                                                                                                                        Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                        MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                        SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                        SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                        SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):90
                                                                                                                                                                                                                        Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                        MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                        SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                        SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                        SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):90
                                                                                                                                                                                                                        Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                        MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                        SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                        SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                        SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1566
                                                                                                                                                                                                                        Entropy (8bit):6.336681685838113
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:v+USUGlcAxS9WLXnIgI/pnxQwRlszT5sKhiK73eHVVPNZTN9amhuj3pOOcUb2mi7:GUpOxuWInR6D3etZTz45edHd
                                                                                                                                                                                                                        MD5:7D41A550220B6FE871716340822CCFE2
                                                                                                                                                                                                                        SHA1:C101CD729F006F1E615288C46669CD15D4D2AC29
                                                                                                                                                                                                                        SHA-256:2E4E4712364FEA7EE4951E80D3A06866535AA2EED89B456A3CDE2562014C7C89
                                                                                                                                                                                                                        SHA-512:2190A28A734C26CE7BBAB9772C579DA682B741922D480EC2F23D6E76377D649F0AE2D4DD962B7ABF70B0C035AD9BBFA61618D000EEE73D2936B030F900F89745
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{16dc239e-9709-4615-9b30-0bfad0d8eaa2}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1730299696201,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P58743...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...64346,"originA...."f
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1566
                                                                                                                                                                                                                        Entropy (8bit):6.336681685838113
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:v+USUGlcAxS9WLXnIgI/pnxQwRlszT5sKhiK73eHVVPNZTN9amhuj3pOOcUb2mi7:GUpOxuWInR6D3etZTz45edHd
                                                                                                                                                                                                                        MD5:7D41A550220B6FE871716340822CCFE2
                                                                                                                                                                                                                        SHA1:C101CD729F006F1E615288C46669CD15D4D2AC29
                                                                                                                                                                                                                        SHA-256:2E4E4712364FEA7EE4951E80D3A06866535AA2EED89B456A3CDE2562014C7C89
                                                                                                                                                                                                                        SHA-512:2190A28A734C26CE7BBAB9772C579DA682B741922D480EC2F23D6E76377D649F0AE2D4DD962B7ABF70B0C035AD9BBFA61618D000EEE73D2936B030F900F89745
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{16dc239e-9709-4615-9b30-0bfad0d8eaa2}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1730299696201,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P58743...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...64346,"originA...."f
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1566
                                                                                                                                                                                                                        Entropy (8bit):6.336681685838113
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:v+USUGlcAxS9WLXnIgI/pnxQwRlszT5sKhiK73eHVVPNZTN9amhuj3pOOcUb2mi7:GUpOxuWInR6D3etZTz45edHd
                                                                                                                                                                                                                        MD5:7D41A550220B6FE871716340822CCFE2
                                                                                                                                                                                                                        SHA1:C101CD729F006F1E615288C46669CD15D4D2AC29
                                                                                                                                                                                                                        SHA-256:2E4E4712364FEA7EE4951E80D3A06866535AA2EED89B456A3CDE2562014C7C89
                                                                                                                                                                                                                        SHA-512:2190A28A734C26CE7BBAB9772C579DA682B741922D480EC2F23D6E76377D649F0AE2D4DD962B7ABF70B0C035AD9BBFA61618D000EEE73D2936B030F900F89745
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{16dc239e-9709-4615-9b30-0bfad0d8eaa2}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1730299696201,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...4b3ac14b-43e5-4896-86e8-9e7d502ce1b5","zD..1...Wm..l........j..:....1":{..mUpdate...startTim..P58743...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abbc25ad08ccc1b2d785bc1812d8faa4d50f401055c8d3ce6d11bb3b0958223be","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...64346,"originA...."f
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4096
                                                                                                                                                                                                                        Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                        MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                        SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                        SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                        SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
Size (bytes):4537
Entropy (8bit):5.03737036146497
Encrypted:false
SSDEEP:48:YrSAYn6eUQZpExB1+anO8e6WCVhhOjVkWAYzzc8rYMsku7f86SLAVL7J5FtsfAct:yc6+TEr5ZwoIhzzcHvbw6Kkdrc2Rn27
MD5:D4C8CD41E91EF8646A11344B554B811F
SHA1:A5722751DA07DD882D17A0C923A0AEB6EEFB85B9
SHA-256:610570517B1A80B6DCE49D22813E66DBB577F3389F1D93214A29C8D4E0419CA0
SHA-512:576CC253D3D7AB3889DD18C2C9706204D78B3359F50CB7CDAAD13BDF9E17713E67CA380108791FD50C2B007A6C6C4169ACC44F010BCCE10A5FA8869197B972FF
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-10-30T14:47:57.137Z","profileAgeCreated":1696491685971,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Entropy (8bit):6.584679045395137
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                        File name:file.exe
                                                                                                                                                                                                                        File size:919'552 bytes
                                                                                                                                                                                                                        MD5:5fd37092e188aa12ba7584cd40d25d4c
                                                                                                                                                                                                                        SHA1:660799b77e5563824bc359ad4c8f1209b812b3d1
                                                                                                                                                                                                                        SHA256:d2d3a8dee5e52ade5d60b6710e377dbb7b8b6c6e594f39deb26f76af4c116dcd
                                                                                                                                                                                                                        SHA512:913db1960bcdb05dcb917d9015abea94fa4aaf28277d8fe387b917ae7ddac02a72ac013b878edccb3dc9021c4d1e24566e94a6a6c82c5f8f53187d60516d749a
                                                                                                                                                                                                                        SSDEEP:12288:4qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga/TG:4qDEvCTbMWu7rQYlBQcBiT6rprG8abG
                                                                                                                                                                                                                        TLSH:AB159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                        File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                        Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                        Entrypoint:0x420577
                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                        Time Stamp:0x672230B5 [Wed Oct 30 13:12:21 2024 UTC]
                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                                                                        Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                        call 00007F3AC47F6833h
                                                                                                                                                                                                                        jmp 00007F3AC47F613Fh
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        push dword ptr [ebp+08h]
                                                                                                                                                                                                                        mov esi, ecx
                                                                                                                                                                                                                        call 00007F3AC47F631Dh
                                                                                                                                                                                                                        mov dword ptr [esi], 0049FDF0h
                                                                                                                                                                                                                        mov eax, esi
                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                                        retn 0004h
                                                                                                                                                                                                                        and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                        mov eax, ecx
                                                                                                                                                                                                                        and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                        mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                                                                                                                        mov dword ptr [ecx], 0049FDF0h
                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        push dword ptr [ebp+08h]
                                                                                                                                                                                                                        mov esi, ecx
                                                                                                                                                                                                                        call 00007F3AC47F62EAh
                                                                                                                                                                                                                        mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                        mov eax, esi
                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                                        retn 0004h
                                                                                                                                                                                                                        and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                        mov eax, ecx
                                                                                                                                                                                                                        and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                        mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                        mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        mov esi, ecx
                                                                                                                                                                                                                        lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                        mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                        and dword ptr [eax], 00000000h
                                                                                                                                                                                                                        and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                        add eax, 04h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        call 00007F3AC47F8EDDh
                                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                                        mov eax, esi
                                                                                                                                                                                                                        pop esi
                                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                                        retn 0004h
                                                                                                                                                                                                                        lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                        mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        call 00007F3AC47F8F28h
                                                                                                                                                                                                                        pop ecx
                                                                                                                                                                                                                        ret
                                                                                                                                                                                                                        push ebp
                                                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                                                        push esi
                                                                                                                                                                                                                        mov esi, ecx
                                                                                                                                                                                                                        lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                        mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                        call 00007F3AC47F8F11h
                                                                                                                                                                                                                        test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                        pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9c28 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9c28 | 0x9e00 | df8b72d0dbf9849f85009f59a5abdaa5 | False | 0.31559038765822783 | data | 5.372979771304039 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0xef0 | data | | | 1.0028765690376569
RT_GROUP_ICON | 0xdd6a8 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdd720 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd734 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd748 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd75c | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd838 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.905057907 CET804972034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.906052113 CET49722443192.168.2.735.190.72.216
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.906064987 CET4434972235.190.72.216192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.908154964 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.908390999 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.914741039 CET804972034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.934072971 CET49723443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.934114933 CET4434972335.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.934901953 CET49724443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.934928894 CET4434972434.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.939446926 CET49723443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.939709902 CET49724443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.939896107 CET49723443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.939914942 CET4434972335.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.942058086 CET49724443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:01.942068100 CET4434972434.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.040529013 CET49725443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.040579081 CET4434972534.160.144.191192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.042331934 CET49725443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.042486906 CET49725443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.042498112 CET4434972534.160.144.191192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.543546915 CET804972034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.546837091 CET4434972235.190.72.216192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.547056913 CET49722443192.168.2.735.190.72.216
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.547805071 CET4434972134.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.548934937 CET49721443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.556101084 CET4434972434.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.556170940 CET49724443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.566389084 CET4434972335.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.569145918 CET49723443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.582144022 CET49723443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.582150936 CET4434972335.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.582473993 CET4434972335.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.587644100 CET49722443192.168.2.735.190.72.216
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.587661028 CET4434972235.190.72.216192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.587758064 CET49722443192.168.2.735.190.72.216
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.587929010 CET4434972235.190.72.216192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.588228941 CET49723443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.588294983 CET49723443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.588401079 CET4434972335.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.588573933 CET49721443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.588598013 CET4434972134.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.588618994 CET49721443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.588792086 CET4434972134.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.589695930 CET49724443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.589714050 CET4434972434.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.589771032 CET49724443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.589837074 CET4434972434.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.591415882 CET49722443192.168.2.735.190.72.216
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.591427088 CET49723443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.591435909 CET49721443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.592195988 CET49724443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.657032967 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.671561956 CET4434972534.160.144.191192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.671646118 CET49725443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.674911976 CET49725443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.674920082 CET4434972534.160.144.191192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.675215960 CET4434972534.160.144.191192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.677405119 CET49725443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.677536011 CET49725443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.677578926 CET4434972534.160.144.191192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.677894115 CET49732443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.677927971 CET4434973234.160.144.191192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.677975893 CET49725443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.678132057 CET49732443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.678266048 CET49732443192.168.2.734.160.144.191
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.678276062 CET4434973234.160.144.191192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.717504978 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.724776030 CET804972034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.726089954 CET4972080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.795265913 CET44349719142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.796031952 CET44349719142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.801315069 CET49719443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.801326990 CET44349719142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.801789999 CET44349718142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.802103043 CET49718443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.802598000 CET44349718142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.802654028 CET49718443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:02.842016935 CET49719443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.155245066 CET49739443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.155272961 CET4434973934.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.158617020 CET49739443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.160826921 CET49739443192.168.2.734.117.188.166
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.160844088 CET4434973934.117.188.166192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.163494110 CET49719443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.163512945 CET44349719142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.163706064 CET49719443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.163759947 CET44349719142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.163777113 CET49718443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.163795948 CET44349718142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.164001942 CET44349718142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.164288998 CET49718443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.164295912 CET44349718142.250.186.110192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.164542913 CET49718443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.164740086 CET49719443192.168.2.7142.250.186.110
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.165565014 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.171256065 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.031023026 CET49786443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.031193972 CET49786443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.031213045 CET4434978634.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.150916100 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.210242033 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.221221924 CET4434978334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.221296072 CET49783443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.273010015 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.273487091 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.667396069 CET4434978634.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.667932034 CET49786443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.744141102 CET49786443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.744174957 CET4434978634.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.744498014 CET4434978634.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.751579046 CET49783443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.751611948 CET4434978334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.751962900 CET4434978334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.751995087 CET49783443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.752006054 CET4434978334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.752516985 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.752531052 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.752549887 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.752769947 CET4434978534.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.752983093 CET49786443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.753055096 CET49786443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.753160954 CET4434978634.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.755419970 CET49786443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.755523920 CET49785443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.755551100 CET49786443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.959345102 CET4434978334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.959548950 CET49783443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.513361931 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.518845081 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.605226040 CET49791443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.605272055 CET4434979134.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.606062889 CET49792443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.606076002 CET4434979234.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.607780933 CET49793443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.607804060 CET4434979334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.614614010 CET49791443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.614639997 CET49792443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.614681005 CET49793443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.657998085 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.714915037 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.754954100 CET49791443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.754976034 CET4434979134.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.755358934 CET49793443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.755359888 CET49792443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.755376101 CET4434979334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.755378008 CET4434979234.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.758164883 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.763567924 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.885051966 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.931327105 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.355808973 CET4434979134.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.355820894 CET4434979134.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.355887890 CET49791443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.360230923 CET49791443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.360238075 CET4434979134.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.360364914 CET49791443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.360419035 CET4434979134.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.361387968 CET49791443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.363244057 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.367782116 CET4434979234.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.367793083 CET4434979234.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.367861986 CET49792443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.368813992 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.370515108 CET49792443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.370524883 CET4434979234.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.371640921 CET4434979234.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.396749973 CET4434979334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.396765947 CET4434979334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.397195101 CET49793443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.399446011 CET49793443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.399455070 CET4434979334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.399708033 CET4434979334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.416903973 CET49792443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.448133945 CET49793443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.490535975 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.533090115 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.565252066 CET49792443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.565485954 CET4434979234.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:15.565610886 CET49792443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.644121885 CET49792443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.644144058 CET4434979234.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.671880007 CET49793443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.671958923 CET49793443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.672166109 CET4434979334.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.674654961 CET49793443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.694565058 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.699969053 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.738476992 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.743837118 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.821336031 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.863745928 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.890208006 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.905957937 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.451148033 CET4434983335.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.451517105 CET4434983335.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.453425884 CET49835443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.453454971 CET4434983535.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.453754902 CET4434983535.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.458293915 CET49834443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.458442926 CET4434983435.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.458645105 CET49834443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.458652020 CET4434983435.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.459039927 CET49833443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.459085941 CET49833443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.459435940 CET49835443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.459491014 CET49835443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.459669113 CET4434983535.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.459886074 CET4434983335.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.460006952 CET49835443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.460027933 CET49833443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.465085030 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.466222048 CET4434983734.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.467530966 CET49837443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.470323086 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.471800089 CET49837443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.471822023 CET4434983734.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.472126961 CET4434983734.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.473906994 CET49837443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.474090099 CET4434983734.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.474265099 CET49837443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.474275112 CET4434983734.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.479327917 CET4434983734.149.100.209192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.483402967 CET49837443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.483402967 CET49837443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.483402967 CET49837443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.484538078 CET49837443192.168.2.734.149.100.209
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.593055010 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.596610069 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.602852106 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.638575077 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.667325020 CET4434983435.244.181.201192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.667740107 CET49834443192.168.2.735.244.181.201
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.723841906 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.770112991 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:38.599147081 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:38.604821920 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:38.737272024 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:38.742572069 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.908782959 CET55464443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.908829927 CET4435546434.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.908912897 CET55464443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.911794901 CET55464443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.911808968 CET4435546434.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.129133940 CET55469443192.168.2.7142.250.113.113
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.129168987 CET44355469142.250.113.113192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.131246090 CET55469443192.168.2.7142.250.113.113
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.131454945 CET55469443192.168.2.7142.250.113.113
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.131469965 CET44355469142.250.113.113192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.535834074 CET4435546434.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.535908937 CET55464443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.540848970 CET55464443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.540857077 CET4435546434.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.540961981 CET55464443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.541001081 CET4435546434.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.541248083 CET55464443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.543464899 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.548846960 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.670336962 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.676659107 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.681952000 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.720626116 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.728288889 CET44355469142.250.113.113192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.728348017 CET55469443192.168.2.7142.250.113.113
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.729072094 CET44355469142.250.113.113192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.729125977 CET55469443192.168.2.7142.250.113.113
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.732698917 CET55469443192.168.2.7142.250.113.113
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.732708931 CET44355469142.250.113.113192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.732949018 CET44355469142.250.113.113192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.735048056 CET55469443192.168.2.7142.250.113.113
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.735143900 CET55469443192.168.2.7142.250.113.113
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.735207081 CET44355469142.250.113.113192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.736195087 CET55469443192.168.2.7142.250.113.113
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.741107941 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.746438026 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.803906918 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.854584932 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.866631985 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.869720936 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.875006914 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.917093992 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.997176886 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:46.039613962 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:55.867419004 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:55.872840881 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:55.998909950 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:19:56.005151987 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:57.261969090 CET55522443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:57.262020111 CET4435552234.120.208.123192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:57.262135029 CET55523443192.168.2.734.120.208.123
                                                                                                                                                                                                                        Oct 30, 2024 14:19:57.262170076 CET4435552334.120.208.123192.168.2.7
Timestamp                           Source Port  Dest Port  Source IP        Dest IP
Oct 30, 2024 14:19:57.262254000 CET  55524        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262286901 CET  443          55524      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.262386084 CET  55525        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262414932 CET  443          55525      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.262504101 CET  55526        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262511969 CET  443          55526      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.262633085 CET  55527        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262641907 CET  443          55527      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.262681961 CET  55522        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262775898 CET  55523        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262784958 CET  55524        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262789011 CET  55525        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262850046 CET  55526        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262854099 CET  55527        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262979031 CET  55522        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.262993097 CET  443          55522      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.263192892 CET  55527        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.263206005 CET  443          55527      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.263282061 CET  55526        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.263290882 CET  443          55526      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.263365030 CET  55525        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.263375044 CET  443          55525      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.263447046 CET  55524        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.263457060 CET  443          55524      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.263542891 CET  55523        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.263556957 CET  443          55523      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.866483927 CET  443          55524      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.868460894 CET  55524        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.871638060 CET  55524        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.871649981 CET  443          55524      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.872040987 CET  443          55524      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.872661114 CET  443          55523      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.873450041 CET  55523        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.875204086 CET  443          55525      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.876075983 CET  55523        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.876085043 CET  443          55523      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.876357079 CET  443          55523      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.876725912 CET  55524        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.876843929 CET  55524        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.877260923 CET  55532        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.877300978 CET  443          55532      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.878727913 CET  443          55524      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.880098104 CET  443          55527      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.880660057 CET  55523        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.880800009 CET  55523        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.880819082 CET  443          55523      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.881234884 CET  55533        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.881268024 CET  443          55533      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.882545948 CET  443          55526      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.883335114 CET  443          55525      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.884365082 CET  49741        80         192.168.2.7      34.107.221.82
Oct 30, 2024 14:19:57.886452913 CET  55523        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.886488914 CET  55525        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.886499882 CET  55532        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.886656046 CET  55524        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.886677980 CET  55523        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.886718035 CET  55527        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.886718035 CET  55525        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.886749983 CET  55526        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.886769056 CET  55533        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.889667988 CET  80           49741      34.107.221.82    192.168.2.7
Oct 30, 2024 14:19:57.889683008 CET  55525        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.889691114 CET  443          55525      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.890059948 CET  443          55525      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.891938925 CET  55527        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.891948938 CET  443          55527      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.892213106 CET  443          55527      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.894360065 CET  55526        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.894373894 CET  443          55526      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.894714117 CET  443          55526      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.895107985 CET  55532        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.895131111 CET  443          55532      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.895194054 CET  55533        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.895210981 CET  443          55533      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.898755074 CET  55525        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.898875952 CET  55525        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.898988962 CET  55527        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.899023056 CET  443          55525      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.899044037 CET  55527        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.899175882 CET  443          55527      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.899431944 CET  55526        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.899499893 CET  55526        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.899544954 CET  443          55526      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.899772882 CET  55525        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.899787903 CET  55526        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.899789095 CET  55527        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.903975010 CET  443          55522      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.904723883 CET  55522        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.907541990 CET  55522        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.907552958 CET  443          55522      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.907881975 CET  443          55522      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.909540892 CET  55522        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.909631014 CET  55522        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.909719944 CET  443          55522      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:57.910165071 CET  55522        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:57.910181999 CET  55522        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.009541988 CET  80           49741      34.107.221.82    192.168.2.7
Oct 30, 2024 14:19:58.014493942 CET  49740        80         192.168.2.7      34.107.221.82
Oct 30, 2024 14:19:58.019836903 CET  80           49740      34.107.221.82    192.168.2.7
Oct 30, 2024 14:19:58.051855087 CET  49741        80         192.168.2.7      34.107.221.82
Oct 30, 2024 14:19:58.141273022 CET  80           49740      34.107.221.82    192.168.2.7
Oct 30, 2024 14:19:58.205610991 CET  49740        80         192.168.2.7      34.107.221.82
Oct 30, 2024 14:19:58.505101919 CET  443          55532      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:58.505116940 CET  443          55532      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:58.505175114 CET  55532        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.507442951 CET  443          55533      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:58.507626057 CET  55533        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.508436918 CET  55532        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.508445978 CET  443          55532      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:58.508734941 CET  443          55532      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:58.510863066 CET  55533        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.510873079 CET  443          55533      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:58.511153936 CET  443          55533      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:58.514013052 CET  55532        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.514209032 CET  55532        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.514230013 CET  443          55532      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:58.514231920 CET  55533        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.514308929 CET  55533        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.514390945 CET  443          55533      34.120.208.123   192.168.2.7
Oct 30, 2024 14:19:58.515680075 CET  55532        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.515697956 CET  55533        443        192.168.2.7      34.120.208.123
Oct 30, 2024 14:19:58.517961025 CET  49741        80         192.168.2.7      34.107.221.82
Oct 30, 2024 14:19:58.523377895 CET  80           49741      34.107.221.82    192.168.2.7
Oct 30, 2024 14:19:58.862348080 CET  80           49741      34.107.221.82    192.168.2.7
Oct 30, 2024 14:19:58.866398096 CET  49740        80         192.168.2.7      34.107.221.82
Oct 30, 2024 14:19:58.871884108 CET  80           49740      34.107.221.82    192.168.2.7
Oct 30, 2024 14:19:58.892663956 CET  80           49741      34.107.221.82    192.168.2.7
Oct 30, 2024 14:19:58.892797947 CET  49741        80         192.168.2.7      34.107.221.82
Oct 30, 2024 14:19:58.993720055 CET  80           49740      34.107.221.82    192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:59.039181948 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:08.870434046 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:08.875778913 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:09.006938934 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:09.012314081 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:18.891576052 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:18.897188902 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:19.023178101 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:19.028563023 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.566004038 CET55586443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.566047907 CET4435558634.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.566174030 CET55586443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.567651987 CET55586443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.567713022 CET4435558634.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.214632034 CET4435558634.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.215038061 CET55586443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.220072985 CET55586443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.220094919 CET4435558634.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.220156908 CET55586443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.220299006 CET4435558634.107.243.93192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.223711967 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.225161076 CET55586443192.168.2.734.107.243.93
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.229007959 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.349112034 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.353015900 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.358433962 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.401757956 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.480076075 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.540066957 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:36.367479086 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:36.372946978 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:36.483537912 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:36.489108086 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:46.374357939 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:46.380213022 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:46.512474060 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:46.517895937 CET804974034.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:56.388473988 CET4974180192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:56.396745920 CET804974134.107.221.82192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:56.542131901 CET4974080192.168.2.734.107.221.82
                                                                                                                                                                                                                        Oct 30, 2024 14:20:56.547676086 CET804974034.107.221.82192.168.2.7
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Oct 30, 2024 14:19:01.609735966 CET  63262        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.609927893 CET  58248        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.831582069 CET  51013        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.849159002 CET  53           58248      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.849637032 CET  53           51013      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.851720095 CET  54534        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.852884054 CET  57036        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.853749037 CET  57886        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.859200954 CET  53           54534      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.860281944 CET  53           57036      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.860526085 CET  49266        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.861210108 CET  60815        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.861874104 CET  53           57886      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.862369061 CET  58656        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.869177103 CET  53           49266      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.869189024 CET  53           60815      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.870531082 CET  53           58656      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.874021053 CET  60685        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.878297091 CET  62164        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.882518053 CET  53           60685      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.888062000 CET  53           62164      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.902179956 CET  55804        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.904084921 CET  61396        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.908945084 CET  50156        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.912003994 CET  53           55804      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.912499905 CET  53           61396      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.920514107 CET  53           50156      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.935461044 CET  51667        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.944664955 CET  53           51667      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:01.952584982 CET  58202        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:01.960597038 CET  53           58202      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:02.020330906 CET  53476        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:02.030019999 CET  53           53476      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:02.041012049 CET  53983        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:02.049637079 CET  53           53983      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:02.056727886 CET  61803        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:02.065749884 CET  53           61803      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:02.164961100 CET  54719        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:02.194684029 CET  53           50944      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:02.706818104 CET  65058        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:02.707631111 CET  64329        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:02.708064079 CET  51061        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:02.714358091 CET  53           65058      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:02.714842081 CET  53           64329      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:02.716342926 CET  53           51061      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:02.723752975 CET  50220        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:02.735294104 CET  53           50220      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:02.735934973 CET  50505        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:02.744314909 CET  53           50505      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:03.154422045 CET  53339        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.289711952 CET  64650        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.292428017 CET  51195        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.297266960 CET  53           64650      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:08.298338890 CET  55505        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.300095081 CET  53           51195      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:08.306819916 CET  53           55505      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:08.307666063 CET  60347        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.316078901 CET  53           60347      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:08.331444025 CET  62495        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.338773012 CET  53           62495      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:08.349209070 CET  54200        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.351308107 CET  62002        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.356488943 CET  53           54200      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:08.358498096 CET  61491        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.358853102 CET  53           62002      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:08.365782022 CET  53           61491      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:08.375243902 CET  50212        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:08.382700920 CET  53           50212      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:12.650501013 CET  64636        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:12.658036947 CET  53           64636      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:14.606393099 CET  51230        53         192.168.2.7      1.1.1.1
Oct 30, 2024 14:19:14.613687992 CET  53           51230      1.1.1.1          192.168.2.7
Oct 30, 2024 14:19:21.167701960 CET  62985        53         192.168.2.7      1.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.168201923 CET6407553192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.168576956 CET5348353192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.175188065 CET53629851.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.175543070 CET53640751.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.176114082 CET5332753192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.176785946 CET53534831.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.176788092 CET5662753192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.177335024 CET5595053192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET53533271.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184545040 CET53566271.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184696913 CET6334953192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.185260057 CET53559501.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.185296059 CET6423853192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.185734987 CET5898453192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.192637920 CET53633491.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.192975998 CET53589841.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.193198919 CET53642381.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.193434954 CET6390253192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.194003105 CET4959153192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.201065063 CET53639021.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.201180935 CET53495911.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.202074051 CET6482353192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.202136993 CET5930953192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.209239960 CET53593091.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.209253073 CET53648231.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.211941957 CET6516853192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.212380886 CET5854353192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.220002890 CET53651681.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.220027924 CET53585431.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:24.144792080 CET5240553192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:24.152760983 CET53524051.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.169878960 CET5715653192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.177922964 CET53571561.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.184809923 CET6098553192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.193850040 CET53609851.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.196352959 CET5576253192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.203670979 CET53557621.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.214402914 CET5171853192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.215308905 CET6457453192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.221786976 CET53517181.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.223141909 CET53645741.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.224741936 CET6215953192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.232229948 CET53621591.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.235133886 CET5366953192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.243091106 CET53536691.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.509488106 CET53527061.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.908129930 CET5618953192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.916017056 CET53561891.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.917330980 CET5817753192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.925355911 CET53581771.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.543735981 CET5981853192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:57.262204885 CET5036753192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:19:57.269596100 CET53503671.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.556935072 CET5969553192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.565031052 CET53596951.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.565749884 CET6054353192.168.2.71.1.1.1
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.573308945 CET53605431.1.1.1192.168.2.7
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.224483967 CET6146753192.168.2.71.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.185734987 CET192.168.2.71.1.1.10x6314Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.193434954 CET192.168.2.71.1.1.10xc48fStandard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.194003105 CET192.168.2.71.1.1.10x9942Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.202074051 CET192.168.2.71.1.1.10x80Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.202136993 CET192.168.2.71.1.1.10x7268Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.211941957 CET192.168.2.71.1.1.10x52a2Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.212380886 CET192.168.2.71.1.1.10x18ffStandard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:24.144792080 CET192.168.2.71.1.1.10xfc32Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.169878960 CET192.168.2.71.1.1.10xd59Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.184809923 CET192.168.2.71.1.1.10xc520Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.196352959 CET192.168.2.71.1.1.10x6c8bStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.214402914 CET192.168.2.71.1.1.10x22a8Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.215308905 CET192.168.2.71.1.1.10x4e89Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.224741936 CET192.168.2.71.1.1.10x2686Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.235133886 CET192.168.2.71.1.1.10x1b44Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.908129930 CET192.168.2.71.1.1.10x28a2Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.917330980 CET192.168.2.71.1.1.10xadceStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.543735981 CET192.168.2.71.1.1.10xdafaStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:57.262204885 CET192.168.2.71.1.1.10x493fStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.556935072 CET192.168.2.71.1.1.10x6694Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.565749884 CET192.168.2.71.1.1.10x10eaStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.224483967 CET192.168.2.71.1.1.10xc722Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
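Reading the DNS answer table that follows usually means two things for an analyst: joining the CNAME rows to the A records that finally answer a query, and noticing responses that carried no address at all (the type-28 rows are AAAA queries answered with an empty record set). The script below is an added example, not code from the Joe Sandbox report. It embeds a handful of answer rows copied from the table as constructed, pipe-delimited input (the delimiter layout is this example's own), groups them by DNS transaction ID, walks the alias chain each response shows, and collects the addresses the response returned. Grouping by transaction ID rather than walking name to name is deliberate: the table lists detectportal.firefox.com as an alias of detectportal.prod.mozaws.net while the A record in the same reply belongs to prod.detectportal.prod.cloudops.mozgcp.net, so the intermediate hop is missing and a pure name-to-name walk would never reach 34.107.221.82.

```python
"""Map queried DNS names to the addresses their responses carried.

Added example for reading a sandbox DNS answer table; not code from the
Joe Sandbox report. Input rows are pipe-delimited
(trans_id | name | cname | address | type), a layout chosen for this example.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: values copied from the report's answer table, one row per record.
SAMPLE_ROWS = """\
0xcc5  | youtube.com | | 142.250.186.110 | A
0x7a00 | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME
0x7a00 | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A
0xd3d9 | youtube.com | | | AAAA
0xd6b  | www.youtube.com | youtube-ui.l.google.com | | CNAME
0xd6b  | youtube-ui.l.google.com | | 142.250.186.174 | A
0xd6b  | youtube-ui.l.google.com | | 142.250.186.78 | A
0xde12 | www.facebook.com | star-mini.c10r.facebook.com | | CNAME
0xde12 | star-mini.c10r.facebook.com | | 157.240.252.35 | A
0xad17 | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | | CNAME
0xad17 | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | | CNAME
0xad17 | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A
"""


def parse_rows(text):
    """Split delimited rows into records; reject malformed addresses early."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tid, name, cname, addr, rtype = (f.strip() for f in line.split("|"))
        if addr:
            ipaddress.ip_address(addr)  # ValueError on anything that is not an IP
        rows.append({"tid": tid, "name": name, "cname": cname, "addr": addr, "type": rtype})
    return rows


def resolve_transactions(rows):
    """Return (addresses by queried name, alias chain by queried name, empty answers).

    Records are grouped by transaction ID, so an A record is credited to the
    question asked in that transaction even when the alias chain printed in
    the table skips a hop.
    """
    by_tid = defaultdict(list)
    for r in rows:
        by_tid[r["tid"]].append(r)

    addrs_for = defaultdict(set)
    chains = {}
    empty_answers = set()
    for recs in by_tid.values():
        alias = {r["name"]: r["cname"] for r in recs if r["type"] == "CNAME"}
        targets = set(alias.values())
        # The queried name is the first owner that is not itself an alias target.
        owners = [r["name"] for r in recs if r["name"] not in targets]
        qname = owners[0] if owners else recs[0]["name"]

        # Walk the visible alias chain; stop instead of looping on a CNAME cycle.
        chain, cur = [qname], qname
        while cur in alias and alias[cur] not in chain:
            cur = alias[cur]
            chain.append(cur)
        chains[qname] = chain

        found = {r["addr"] for r in recs if r["addr"]}
        if found:
            addrs_for[qname] |= found
        else:
            # e.g. an AAAA query answered NOERROR with no records
            empty_answers.add((qname, recs[0]["type"]))

    addresses = {q: sorted(a, key=ipaddress.ip_address) for q, a in addrs_for.items()}
    return addresses, chains, empty_answers


if __name__ == "__main__":
    addresses, chains, empty = resolve_transactions(parse_rows(SAMPLE_ROWS))
    for qname, addrs in sorted(addresses.items()):
        hops = " -> ".join(chains[qname][1:]) or "-"
        print(f"{qname:45} {hops:60} {', '.join(addrs)}")
    for qname, rtype in sorted(empty):
        print(f"{qname:45} {rtype} query returned no address")
```

Run as a script it prints one line per queried name with the alias hops the reply exposed and the IPs it returned, followed by the queries that came back empty; youtube-ui.l.google.com does not appear as a queried name because in the sampled transaction it is only the target of www.youtube.com's CNAME.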
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 30, 2024 14:19:01.849159002 CET | 1.1.1.1 | 192.168.2.7 | 0xcc5 | No error (0) | youtube.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.849621058 CET | 1.1.1.1 | 192.168.2.7 | 0x7a00 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:01.849621058 CET | 1.1.1.1 | 192.168.2.7 | 0x7a00 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.849637032 CET | 1.1.1.1 | 192.168.2.7 | 0x5c12 | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.850409985 CET | 1.1.1.1 | 192.168.2.7 | 0xd03b | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.859200954 CET | 1.1.1.1 | 192.168.2.7 | 0x3a9f | No error (0) | youtube.com | | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.860281944 CET | 1.1.1.1 | 192.168.2.7 | 0x4cc9 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.861874104 CET | 1.1.1.1 | 192.168.2.7 | 0x89fc | No error (0) | contile.services.mozilla.com | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.869177103 CET | 1.1.1.1 | 192.168.2.7 | 0xd3d9 | No error (0) | youtube.com | | | AAAA (IPv6 address, type 28) | IN (0x0001) | false
Oct 30, 2024 14:19:01.869189024 CET | 1.1.1.1 | 192.168.2.7 | 0xece9 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | | AAAA (IPv6 address, type 28) | IN (0x0001) | false
Oct 30, 2024 14:19:01.876413107 CET | 1.1.1.1 | 192.168.2.7 | 0x5a65 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:01.876413107 CET | 1.1.1.1 | 192.168.2.7 | 0x5a65 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.882518053 CET | 1.1.1.1 | 192.168.2.7 | 0x1b08 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net | | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.888062000 CET | 1.1.1.1 | 192.168.2.7 | 0xf7d0 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.912003994 CET | 1.1.1.1 | 192.168.2.7 | 0x8b48 | No error (0) | spocs.getpocket.com | prod.ads.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:01.912003994 CET | 1.1.1.1 | 192.168.2.7 | 0x8b48 | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:01.944664955 CET | 1.1.1.1 | 192.168.2.7 | 0x4b7a | No error (0) | prod.ads.prod.webservices.mozgcp.net | | 34.117.188.166 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:02.030019999 CET | 1.1.1.1 | 192.168.2.7 | 0xad17 | No error (0) | content-signature-2.cdn.mozilla.net | content-signature-chains.prod.autograph.services.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:02.030019999 CET | 1.1.1.1 | 192.168.2.7 | 0xad17 | No error (0) | content-signature-chains.prod.autograph.services.mozaws.net | prod.content-signature-chains.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:02.030019999 CET | 1.1.1.1 | 192.168.2.7 | 0xad17 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:02.049637079 CET | 1.1.1.1 | 192.168.2.7 | 0xe327 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | 34.160.144.191 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:02.065749884 CET | 1.1.1.1 | 192.168.2.7 | 0xae43 | No error (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | | | AAAA (IPv6 address, type 28) | IN (0x0001) | false
Oct 30, 2024 14:19:02.174525023 CET | 1.1.1.1 | 192.168.2.7 | 0xb810 | No error (0) | shavar.services.mozilla.com | shavar.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:02.714358091 CET | 1.1.1.1 | 192.168.2.7 | 0x34f6 | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:02.714842081 CET | 1.1.1.1 | 192.168.2.7 | 0x179b | No error (0) | example.org | | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:02.716342926 CET | 1.1.1.1 | 192.168.2.7 | 0x9243 | No error (0) | ipv4only.arpa | | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:02.716342926 CET | 1.1.1.1 | 192.168.2.7 | 0x9243 | No error (0) | ipv4only.arpa | | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:02.735294104 CET | 1.1.1.1 | 192.168.2.7 | 0xa7ce | No error (0) | push.services.mozilla.com | | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:03.163202047 CET | 1.1.1.1 | 192.168.2.7 | 0xd7ce | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:03.163202047 CET | 1.1.1.1 | 192.168.2.7 | 0xd7ce | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:08.295666933 CET | 1.1.1.1 | 192.168.2.7 | 0xa61f | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:08.295666933 CET | 1.1.1.1 | 192.168.2.7 | 0xa61f | No error (0) | prod.balrog.prod.cloudops.mozgcp.net | | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:08.297266960 CET | 1.1.1.1 | 192.168.2.7 | 0xc5bf | No error (0) | support.mozilla.org | prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:08.297266960 CET | 1.1.1.1 | 192.168.2.7 | 0xc5bf | No error (0) | prod.sumo.prod.webservices.mozgcp.net | us-west1.prod.sumo.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:08.297266960 CET | 1.1.1.1 | 192.168.2.7 | 0xc5bf | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:08.306819916 CET | 1.1.1.1 | 192.168.2.7 | 0x38cf | No error (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | | 34.149.128.2 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:08.329056978 CET | 1.1.1.1 | 192.168.2.7 | 0xd3dd | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:08.338773012 CET | 1.1.1.1 | 192.168.2.7 | 0x916a | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:08.356488943 CET | 1.1.1.1 | 192.168.2.7 | 0x306a | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:08.356488943 CET | 1.1.1.1 | 192.168.2.7 | 0x306a | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:08.365782022 CET | 1.1.1.1 | 192.168.2.7 | 0x5635 | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net | | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:12.608155012 CET | 1.1.1.1 | 192.168.2.7 | 0x1d3d | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | www.youtube.com | youtube-ui.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.186.174 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.184.206 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.186.46 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 172.217.16.142 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.185.238 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.74.206 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 216.58.212.174 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 172.217.18.14 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 216.58.206.46 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.184.238 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.181.238 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175188065 CET | 1.1.1.1 | 192.168.2.7 | 0xd6b | No error (0) | youtube-ui.l.google.com | | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175543070 CET | 1.1.1.1 | 192.168.2.7 | 0xde12 | No error (0) | www.facebook.com | star-mini.c10r.facebook.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:21.175543070 CET | 1.1.1.1 | 192.168.2.7 | 0xde12 | No error (0) | star-mini.c10r.facebook.com | | 157.240.252.35 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.176785946 CET | 1.1.1.1 | 192.168.2.7 | 0xa95f | No error (0) | www.wikipedia.org | dyna.wikimedia.org | | CNAME (Canonical name) | IN (0x0001) | false
Oct 30, 2024 14:19:21.176785946 CET | 1.1.1.1 | 192.168.2.7 | 0xa95f | No error (0) | dyna.wikimedia.org | | 185.15.59.224 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.184083939 CET | 1.1.1.1 | 192.168.2.7 | 0xa562 | No error (0) | youtube-ui.l.google.com | | 172.217.16.206 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.184083939 CET | 1.1.1.1 | 192.168.2.7 | 0xa562 | No error (0) | youtube-ui.l.google.com | | 216.58.206.78 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.184083939 CET | 1.1.1.1 | 192.168.2.7 | 0xa562 | No error (0) | youtube-ui.l.google.com | | 142.250.74.206 | A (IP address) | IN (0x0001) | false
Oct 30, 2024 14:19:21.184083939 CET | 1.1.1.1 | 192.168.2.7 | 0xa562 | No error (0) | youtube-ui.l.google.com | | 142.250.185.110 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.184.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com172.217.18.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.186.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.185.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.185.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.185.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.186.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.186.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184083939 CET1.1.1.1192.168.2.70xa562No error (0)youtube-ui.l.google.com142.250.185.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.184545040 CET1.1.1.1192.168.2.70x3a54No error (0)star-mini.c10r.facebook.com157.240.0.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.185260057 CET1.1.1.1192.168.2.70x8eacNo error (0)dyna.wikimedia.org185.15.59.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.192637920 CET1.1.1.1192.168.2.70x5806No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.192637920 CET1.1.1.1192.168.2.70x5806No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.192637920 CET1.1.1.1192.168.2.70x5806No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.192637920 CET1.1.1.1192.168.2.70x5806No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.192975998 CET1.1.1.1192.168.2.70x6314No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.193198919 CET1.1.1.1192.168.2.70xcb0aNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.201065063 CET1.1.1.1192.168.2.70xc48fNo error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.201065063 CET1.1.1.1192.168.2.70xc48fNo error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.201065063 CET1.1.1.1192.168.2.70xc48fNo error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.201065063 CET1.1.1.1192.168.2.70xc48fNo error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.201065063 CET1.1.1.1192.168.2.70xc48fNo error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.201180935 CET1.1.1.1192.168.2.70x9942No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.209239960 CET1.1.1.1192.168.2.70x7268No error (0)twitter.com104.244.42.193A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.209253073 CET1.1.1.1192.168.2.70x80No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.209253073 CET1.1.1.1192.168.2.70x80No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.209253073 CET1.1.1.1192.168.2.70x80No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:21.209253073 CET1.1.1.1192.168.2.70x80No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.167299986 CET1.1.1.1192.168.2.70x7ea0No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.167299986 CET1.1.1.1192.168.2.70x7ea0No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.193850040 CET1.1.1.1192.168.2.70xc520No error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.193850040 CET1.1.1.1192.168.2.70xc520No error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.193850040 CET1.1.1.1192.168.2.70xc520No error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.193850040 CET1.1.1.1192.168.2.70xc520No error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.203670979 CET1.1.1.1192.168.2.70x6c8bNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.203670979 CET1.1.1.1192.168.2.70x6c8bNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.203670979 CET1.1.1.1192.168.2.70x6c8bNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.203670979 CET1.1.1.1192.168.2.70x6c8bNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.221786976 CET1.1.1.1192.168.2.70x22a8No error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.221786976 CET1.1.1.1192.168.2.70x22a8No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.223141909 CET1.1.1.1192.168.2.70x4e89No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.223141909 CET1.1.1.1192.168.2.70x4e89No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.223141909 CET1.1.1.1192.168.2.70x4e89No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.223141909 CET1.1.1.1192.168.2.70x4e89No error (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:27.232229948 CET1.1.1.1192.168.2.70x2686No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.476145983 CET1.1.1.1192.168.2.70xcfbNo error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:28.476145983 CET1.1.1.1192.168.2.70xcfbNo error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:44.916017056 CET1.1.1.1192.168.2.70x28a2No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.552978039 CET1.1.1.1192.168.2.70xdafaNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.552978039 CET1.1.1.1192.168.2.70xdafaNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:19:57.260571957 CET1.1.1.1192.168.2.70x2b74No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:20:25.565031052 CET1.1.1.1192.168.2.70x6694No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.232290030 CET1.1.1.1192.168.2.70xc722No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.232290030 CET1.1.1.1192.168.2.70xc722No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
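Nearly every name in the DNS table above belongs to infrastructure the Firefox process seen in the HTTP sessions below (PID 6380) contacts on its own: Mozilla's update (balrog), add-on, Normandy, push, telemetry and captive-portal (detectportal) services, plus the default top sites Firefox pre-resolves. A raw count of contacted domains therefore says little about the sample itself; the useful question is which queried names are not explained by that browser baseline. The following Python, added here as an example and not part of Joe Sandbox or of this report, parses rows in the fused plain-text form shown above and separates baseline lookups from the rest. The baseline suffix list, the private-address rule used to pull the fused source and destination IPs apart, and the .com/.org/.net rule used to split a name from its CNAME target are assumptions; the sample rows are copied from the table. Where a machine-readable export of the report is available, parse that instead of the fused text, which is lossy by construction.

```python
"""Parse DNS-answer rows from a plain-text export of a Joe Sandbox report, where the
table cells are fused without separators, then flag queried names that a stock Firefox
would not resolve on its own.  Example code written for this page (not Joe Sandbox's);
sample rows are copied from the table above, baseline and split heuristics are assumed."""
import ipaddress
import re
from dataclasses import dataclass

IP4 = r"(?:\d{1,3}\.){3}\d{1,3}"
ROW = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]{3,4})"
    r"(?P<ips>[\d.]+)(?P<txid>0x[0-9a-fA-F]+)(?P<rcode>[A-Za-z ]+\(\d+\))"  # src+dst IP fused
    r"(?P<rest>.+?)"                                   # name fused with CNAME target or address
    r"(?P<rtype>CNAME \(Canonical name\)|A \(IP address\)|\d+)"  # bare number: type without label
    r"IN \(0x0001\)(?P<doh>true|false)$")
KIND = {"CNAME (Canonical name)": "CNAME", "A (IP address)": "A", "28": "AAAA"}
# Assumed baseline: suffixes a stock Firefox resolves by itself (update/telemetry
# services, captive-portal probe, pre-resolved default top sites).
FIREFOX_BASELINE = {"mozilla.com", "mozilla.org", "mozilla.net", "firefox.com",
                    "google.com", "facebook.com", "wikipedia.org", "reddit.com", "twitter.com"}

@dataclass
class Answer:
    src: str
    dst: str
    txid: str
    name: str
    kind: str   # "A", "AAAA", "CNAME" or "TYPE<n>"
    data: str   # address or CNAME target; "" when the export rendered none

def split_fused_ips(blob: str) -> tuple[str, str]:
    """'1.1.1.1192.168.2.7' splits into two valid IPv4s three ways; assume answers
    flow resolver -> analysis VM, so the destination is private and the source is not."""
    cands = []
    for i in range(7, len(blob) - 6):
        try:
            cands.append((ipaddress.IPv4Address(blob[:i]), ipaddress.IPv4Address(blob[i:])))
        except ValueError:
            continue
    picks = [c for c in cands if c[1].is_private and not c[0].is_private] or cands
    if len(picks) != 1:
        raise ValueError(f"ambiguous IP pair {blob!r}: {cands}")
    return str(picks[0][0]), str(picks[0][1])

def split_name(rest: str, kind: str) -> tuple[str, str]:
    """Separate owner name from fused data; lossy if a name ends in digits (host1 + 1.2.3.4)."""
    if kind == "A":
        m = re.fullmatch(r"(.+?)(" + IP4 + r")", rest)   # address anchored at the end
    elif kind == "CNAME":
        # Assumption: the owner ends at the first .com/.org/.net label that is directly
        # followed by another label, which is where the CNAME target starts.
        m = re.match(r"(.+?\.(?:com|org|net))(?=[a-z0-9])(.+)$", rest)
    else:
        return rest, ""                                   # e.g. AAAA row with no address shown
    if not m:
        raise ValueError(f"cannot split {rest!r} as {kind}")
    return m.group(1), m.group(2)

def parse_rows(text: str) -> list[Answer]:
    rows = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = ROW.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        src, dst = split_fused_ips(m["ips"])
        kind = KIND.get(m["rtype"], f"TYPE{m['rtype']}")
        name, data = split_name(m["rest"], kind)
        rows.append(Answer(src, dst, m["txid"], name, kind, data))
    return rows

def triage(rows: list[Answer]) -> dict[str, set[str]]:
    """Queried name -> addresses; the first row of a transaction id is the queried name."""
    by_txid: dict[str, list[Answer]] = {}
    for r in rows:
        by_txid.setdefault(r.txid, []).append(r)
    resolved: dict[str, set[str]] = {}
    for chain in by_txid.values():
        resolved.setdefault(chain[0].name, set()).update(r.data for r in chain if r.kind == "A")
    return resolved

def unexplained(resolved: dict[str, set[str]], baseline: set[str]) -> list[str]:
    """Queried names not under any baseline suffix: hand these to the analyst."""
    def covered(name: str) -> bool:
        labels = name.split(".")
        return any(".".join(labels[i:]) in baseline for i in range(len(labels)))
    return sorted(n for n in resolved if not covered(n))

# Eight rows copied from the DNS-answer table above, leading whitespace removed.
SAMPLE = """\
Oct 30, 2024 14:19:21.175188065 CET1.1.1.1192.168.2.70xd6bNo error (0)youtube-ui.l.google.com142.250.184.238A (IP address)IN (0x0001)false
Oct 30, 2024 14:19:21.175543070 CET1.1.1.1192.168.2.70xde12No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
Oct 30, 2024 14:19:21.175543070 CET1.1.1.1192.168.2.70xde12No error (0)star-mini.c10r.facebook.com157.240.252.35A (IP address)IN (0x0001)false
Oct 30, 2024 14:19:21.192637920 CET1.1.1.1192.168.2.70x5806No error (0)youtube-ui.l.google.com28IN (0x0001)false
Oct 30, 2024 14:19:28.476145983 CET1.1.1.1192.168.2.70xcfbNo error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
Oct 30, 2024 14:19:28.476145983 CET1.1.1.1192.168.2.70xcfbNo error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
Oct 30, 2024 14:19:45.552978039 CET1.1.1.1192.168.2.70xdafaNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
Oct 30, 2024 14:19:45.552978039 CET1.1.1.1192.168.2.70xdafaNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
"""

if __name__ == "__main__":
    print(unexplained(triage(parse_rows(SAMPLE)), FIREFOX_BASELINE))
```

On the sample rows the only queried name outside the baseline is the rackcdn.com host, which is the lookup a reviewer would follow up on; whether it is benign is not decided here. Type 28 rows are AAAA answers whose address the export did not render, so they are kept only as evidence that the name was queried. Grouping by transaction id rather than by name is what keeps the detectportal answer attributed to detectportal.firefox.com even though the middle CNAME of that chain is missing from the table.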
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49720 | 34.107.221.82 | 80 | 6380 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 14:19:01.908390999 CET | 303 | OUT | GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Oct 30, 2024 14:19:02.543546915 CET | 298 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Tue, 29 Oct 2024 13:44:17 GMT
  Age: 84885
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49740 | 34.107.221.82 | 80 | 6380 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Oct 30, 2024 14:19:03.171556950 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Oct 30, 2024 14:19:03.816137075 CET | 216 | IN | HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Tue, 29 Oct 2024 16:15:31 GMT
  Age: 75812
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Oct 30, 2024 14:19:04.520498991 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Oct 30, 2024 14:19:04.663005114 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 16:15:31 GMT
                                                                                                                                                                                                                        Age: 75813
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                        Oct 30, 2024 14:19:05.081855059 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Oct 30, 2024 14:19:05.210285902 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 16:15:31 GMT
                                                                                                                                                                                                                        Age: 75814
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                        Oct 30, 2024 14:19:08.270806074 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Oct 30, 2024 14:19:08.397742033 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 16:15:31 GMT
                                                                                                                                                                                                                        Age: 75817
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.023794889 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Oct 30, 2024 14:19:13.150916100 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 16:15:31 GMT
                                                                                                                                                                                                                        Age: 75822
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.758164883 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Oct 30, 2024 14:19:14.885051966 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 16:15:31 GMT
                                                                                                                                                                                                                        Age: 75823
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.694565058 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Oct 30, 2024 14:19:16.821336031 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 16:15:31 GMT
                                                                                                                                                                                                                        Age: 75825
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 30, 2024 14:19:19.138561964 CET | 305 bytes | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 30, 2024 14:19:19.265634060 CET | 216 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 29 Oct 2024 16:15:31 GMT
Age: 75828
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 30, 2024 14:19:24.907215118 CET | 305 bytes | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 30, 2024 14:19:25.037082911 CET | 216 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 29 Oct 2024 16:15:31 GMT
Age: 75833
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 30, 2024 14:19:27.944032907 CET | 305 bytes | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 30, 2024 14:19:28.072633982 CET | 216 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 29 Oct 2024 16:15:31 GMT
Age: 75837
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 30, 2024 14:19:28.596610069 CET | 305 bytes | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 30, 2024 14:19:28.723841906 CET | 216 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 29 Oct 2024 16:15:31 GMT
Age: 75837
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 30, 2024 14:19:38.737272024 CET | 6 bytes | OUT | Data Raw: 00
Data Ascii: (not printable)
Oct 30, 2024 14:19:45.676659107 CET | 305 bytes | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 30, 2024 14:19:45.803906918 CET | 216 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 29 Oct 2024 16:15:31 GMT
Age: 75854
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 30, 2024 14:19:45.869720936 CET | 305 bytes | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 30, 2024 14:19:45.997176886 CET | 216 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 29 Oct 2024 16:15:31 GMT
Age: 75854
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Oct 30, 2024 14:19:55.998909950 CET | 6 bytes | OUT | Data Raw: 00
Data Ascii: (not printable)
Oct 30, 2024 14:19:58.014493942 CET | 305 bytes | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Oct 30, 2024 14:19:58.141273022 CET | 216 bytes | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Tue, 29 Oct 2024 16:15:31 GMT
Age: 75867
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
                                                                                                                                                                                                                        Oct 30, 2024 14:19:58.866398096 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Oct 30, 2024 14:19:58.993720055 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 16:15:31 GMT
                                                                                                                                                                                                                        Age: 75867
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                        Oct 30, 2024 14:20:09.006938934 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                        Oct 30, 2024 14:20:19.023178101 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.353015900 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.480076075 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 16:15:31 GMT
                                                                                                                                                                                                                        Age: 75895
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                        Data Ascii: success
                                                                                                                                                                                                                        Oct 30, 2024 14:20:36.483537912 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                        Oct 30, 2024 14:20:46.512474060 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                        Oct 30, 2024 14:20:56.542131901 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:


                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                        2192.168.2.74974134.107.221.82806380C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                        Oct 30, 2024 14:19:03.428786993 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Oct 30, 2024 14:19:04.033771992 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                        Age: 84886
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                        Oct 30, 2024 14:19:04.580429077 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Oct 30, 2024 14:19:04.710644960 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                        Age: 84887
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                        Oct 30, 2024 14:19:05.084317923 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Oct 30, 2024 14:19:05.210992098 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                        Age: 84888
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                        Oct 30, 2024 14:19:12.590925932 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Oct 30, 2024 14:19:12.717758894 CET    298 bytes    IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 29 Oct 2024 13:44:17 GMT
Age: 84895
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Oct 30, 2024 14:19:14.513361931 CET    303 bytes    OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Oct 30, 2024 14:19:14.657998085 CET    298 bytes    IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 29 Oct 2024 13:44:17 GMT
Age: 84897
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Oct 30, 2024 14:19:15.363244057 CET    303 bytes    OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Oct 30, 2024 14:19:15.490535975 CET    298 bytes    IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 29 Oct 2024 13:44:17 GMT
Age: 84898
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Oct 30, 2024 14:19:16.738476992 CET    303 bytes    OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Oct 30, 2024 14:19:16.863745928 CET    298 bytes    IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 29 Oct 2024 13:44:17 GMT
Age: 84899
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Oct 30, 2024 14:19:24.764920950 CET    303 bytes    OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Oct 30, 2024 14:19:24.899698019 CET    298 bytes    IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 29 Oct 2024 13:44:17 GMT
Age: 84907
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Oct 30, 2024 14:19:27.813177109 CET    303 bytes    OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Oct 30, 2024 14:19:27.941080093 CET    298 bytes    IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 29 Oct 2024 13:44:17 GMT
Age: 84910
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Oct 30, 2024 14:19:28.465085030 CET    303 bytes    OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Oct 30, 2024 14:19:28.593055010 CET    298 bytes    IN
HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Tue, 29 Oct 2024 13:44:17 GMT
Age: 84911
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Oct 30, 2024 14:19:38.599147081 CET    6 bytes    OUT
Data Raw: 00
Data Ascii:

Oct 30, 2024 14:19:45.543464899 CET    303 bytes    OUT
GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

Oct 30, 2024 14:19:45.670336962 CET    298 bytes    IN
HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                        Age: 84928
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.741107941 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Oct 30, 2024 14:19:45.866631985 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                        Age: 84928
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                        Oct 30, 2024 14:19:55.867419004 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                        Oct 30, 2024 14:19:57.884365082 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Oct 30, 2024 14:19:58.009541988 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                        Age: 84940
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                        Oct 30, 2024 14:19:58.517961025 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Oct 30, 2024 14:19:58.862348080 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                        Age: 84941
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                        Oct 30, 2024 14:19:58.892663956 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                        Age: 84941
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                        Oct 30, 2024 14:20:08.870434046 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                        Oct 30, 2024 14:20:18.891576052 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.223711967 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                        Host: detectportal.firefox.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Oct 30, 2024 14:20:26.349112034 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                        Content-Length: 90
                                                                                                                                                                                                                        Via: 1.1 google
                                                                                                                                                                                                                        Date: Tue, 29 Oct 2024 13:44:17 GMT
                                                                                                                                                                                                                        Age: 84969
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                        Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                        Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                        Oct 30, 2024 14:20:36.367479086 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                        Oct 30, 2024 14:20:46.374357939 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                                                        Oct 30, 2024 14:20:56.388473988 CET6OUTData Raw: 00
                                                                                                                                                                                                                        Data Ascii:


Target ID: 6
Start time: 09:18:50
Start date: 30/10/2024
Path: C:\Users\user\Desktop\file.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\file.exe"
Imagebase: 0xa20000
File size: 919'552 bytes
MD5 hash: 5FD37092E188AA12BA7584CD40D25D4C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 7
Start time: 09:18:51
Start date: 30/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0x330000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 8
Start time: 09:18:51
Start date: 30/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff75da10000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 10
Start time: 09:18:53
Start date: 30/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM chrome.exe /T
Imagebase: 0x330000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 11
Start time: 09:18:53
Start date: 30/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff75da10000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 12
Start time: 09:18:54
Start date: 30/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM msedge.exe /T
Imagebase: 0x330000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 13
Start time: 09:18:54
Start date: 30/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff75da10000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 14
Start time: 09:18:54
Start date: 30/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM opera.exe /T
Imagebase: 0x330000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 15
Start time: 09:18:54
Start date: 30/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff75da10000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 16
Start time: 09:18:54
Start date: 30/10/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM brave.exe /T
Imagebase: 0x330000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

                                                                                                                                                                                                                        Target ID:18
                                                                                                                                                                                                                        Start time:09:18:54
                                                                                                                                                                                                                        Start date:30/10/2024
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:19
                                                                                                                                                                                                                        Start time:09:18:54
                                                                                                                                                                                                                        Start date:30/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:20
                                                                                                                                                                                                                        Start time:09:18:54
                                                                                                                                                                                                                        Start date:30/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                        Target ID:21
                                                                                                                                                                                                                        Start time:09:18:54
                                                                                                                                                                                                                        Start date:30/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:23
                                                                                                                                                                                                                        Start time:09:18:55
                                                                                                                                                                                                                        Start date:30/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20230927232528 -prefsHandle 2212 -prefMapHandle 2204 -prefsLen 25302 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd956a1-f7c7-40ea-b0b0-151e89722d44} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b4116f710 socket
                                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:25
                                                                                                                                                                                                                        Start time:09:18:58
                                                                                                                                                                                                                        Start date:30/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -parentBuildID 20230927232528 -prefsHandle 3844 -prefMapHandle 3840 -prefsLen 26317 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15267f41-787e-4fd2-b2ec-a17f3364382c} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b5132c710 rdd
                                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:27
                                                                                                                                                                                                                        Start time:09:19:07
                                                                                                                                                                                                                        Start date:30/10/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 33185 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36bb9eb2-49bf-4de6-88b9-2a1086be9ba2} 6380 "\\.\pipe\gecko-crash-server-pipe.6380" 21b5923d710 utility
                                                                                                                                                                                                                        Imagebase:0x7ff722870000
                                                                                                                                                                                                                        File size:676'768 bytes
                                                                                                                                                                                                                        MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Has exited:false


Execution Graph

Execution Coverage: 1.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4.4%
Total number of Nodes: 1520
Total number of Limit Nodes: 52
a4e6d1 95946 a4e6ee LeaveCriticalSection __fread_nolock 95924->95946 95925->95780 95927->95920 95928->95925 95929->95921 95931 a4e624 95930->95931 95932 a4e60f 95930->95932 95938 a4e61f 95931->95938 95949 a4dc0b 95931->95949 95947 a4f2d9 20 API calls __dosmaperr 95932->95947 95935 a4e614 95948 a527ec 26 API calls pre_c_initialization 95935->95948 95938->95924 95942 a4e646 95966 a5862f 95942->95966 95945 a529c8 _free 20 API calls 95945->95938 95946->95925 95947->95935 95948->95938 95950 a4dc1f 95949->95950 95951 a4dc23 95949->95951 95955 a54d7a 95950->95955 95951->95950 95952 a4d955 __fread_nolock 26 API calls 95951->95952 95953 a4dc43 95952->95953 95981 a559be 62 API calls 6 library calls 95953->95981 95956 a4e640 95955->95956 95957 a54d90 95955->95957 95959 a4d955 95956->95959 95957->95956 95958 a529c8 _free 20 API calls 95957->95958 95958->95956 95960 a4d976 95959->95960 95961 a4d961 95959->95961 95960->95942 95982 a4f2d9 20 API calls __dosmaperr 95961->95982 95963 a4d966 95983 a527ec 26 API calls pre_c_initialization 95963->95983 95965 a4d971 95965->95942 95967 a58653 95966->95967 95968 a5863e 95966->95968 95970 a5868e 95967->95970 95973 a5867a 95967->95973 95984 a4f2c6 20 API calls __dosmaperr 95968->95984 95989 a4f2c6 20 API calls __dosmaperr 95970->95989 95972 a58643 95985 a4f2d9 20 API calls __dosmaperr 95972->95985 95986 a58607 95973->95986 95974 a58693 95990 a4f2d9 20 API calls __dosmaperr 95974->95990 95978 a4e64c 95978->95938 95978->95945 95979 a5869b 95991 a527ec 26 API calls pre_c_initialization 95979->95991 95981->95950 95982->95963 95983->95965 95984->95972 95985->95978 95992 a58585 95986->95992 95988 a5862b 95988->95978 95989->95974 95990->95979 95991->95978 95993 a58591 CallCatchBlock 95992->95993 96003 a55147 EnterCriticalSection 95993->96003 95995 a5859f 95996 a585c6 95995->95996 95997 a585d1 95995->95997 96004 a586ae 95996->96004 96019 a4f2d9 20 API calls __dosmaperr 95997->96019 96000 a585cc 96020 a585fb LeaveCriticalSection __wsopen_s 
96000->96020 96002 a585ee __fread_nolock 96002->95988 96003->95995 96021 a553c4 96004->96021 96006 a586c4 96034 a55333 21 API calls 3 library calls 96006->96034 96008 a586be 96008->96006 96009 a586f6 96008->96009 96011 a553c4 __wsopen_s 26 API calls 96008->96011 96009->96006 96012 a553c4 __wsopen_s 26 API calls 96009->96012 96010 a5871c 96013 a5873e 96010->96013 96035 a4f2a3 20 API calls 2 library calls 96010->96035 96014 a586ed 96011->96014 96015 a58702 CloseHandle 96012->96015 96013->96000 96017 a553c4 __wsopen_s 26 API calls 96014->96017 96015->96006 96018 a5870e GetLastError 96015->96018 96017->96009 96018->96006 96019->96000 96020->96002 96022 a553d1 96021->96022 96025 a553e6 96021->96025 96036 a4f2c6 20 API calls __dosmaperr 96022->96036 96024 a553d6 96037 a4f2d9 20 API calls __dosmaperr 96024->96037 96028 a5540b 96025->96028 96038 a4f2c6 20 API calls __dosmaperr 96025->96038 96028->96008 96029 a55416 96039 a4f2d9 20 API calls __dosmaperr 96029->96039 96031 a553de 96031->96008 96032 a5541e 96040 a527ec 26 API calls pre_c_initialization 96032->96040 96034->96010 96035->96013 96036->96024 96037->96031 96038->96029 96039->96032 96040->96031 96041->95652 96042 a62ba5 96043 a22b25 96042->96043 96044 a62baf 96042->96044 96070 a22b83 7 API calls 96043->96070 96088 a23a5a 96044->96088 96047 a62bb8 96095 a29cb3 96047->96095 96051 a22b2f 96060 a22b44 96051->96060 96074 a23837 96051->96074 96052 a62bc6 96053 a62bf5 96052->96053 96054 a62bce 96052->96054 96057 a233c6 22 API calls 96053->96057 96101 a233c6 96054->96101 96059 a62bf1 GetForegroundWindow ShellExecuteW 96057->96059 96066 a62c26 96059->96066 96061 a22b5f 96060->96061 96084 a230f2 96060->96084 96068 a22b66 SetCurrentDirectoryW 96061->96068 96065 a62be7 96067 a233c6 22 API calls 96065->96067 96066->96061 96067->96059 96069 a22b7a 96068->96069 96111 a22cd4 7 API calls 96070->96111 96072 a22b2a 96073 a22c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 96072->96073 96073->96051 96075 a23862 
___scrt_fastfail 96074->96075 96112 a24212 96075->96112 96079 a63386 Shell_NotifyIconW 96080 a23906 Shell_NotifyIconW 96116 a23923 96080->96116 96082 a2391c 96082->96060 96083 a238e8 96083->96079 96083->96080 96085 a23154 96084->96085 96086 a23104 ___scrt_fastfail 96084->96086 96085->96061 96087 a23123 Shell_NotifyIconW 96086->96087 96087->96085 96089 a61f50 __wsopen_s 96088->96089 96090 a23a67 GetModuleFileNameW 96089->96090 96091 a29cb3 22 API calls 96090->96091 96092 a23a8d 96091->96092 96093 a23aa2 23 API calls 96092->96093 96094 a23a97 96093->96094 96094->96047 96096 a29cc2 _wcslen 96095->96096 96097 a3fe0b 22 API calls 96096->96097 96098 a29cea __fread_nolock 96097->96098 96099 a3fddb 22 API calls 96098->96099 96100 a29d00 96099->96100 96100->96052 96102 a630bb 96101->96102 96103 a233dd 96101->96103 96105 a3fddb 22 API calls 96102->96105 96147 a233ee 96103->96147 96107 a630c5 _wcslen 96105->96107 96106 a233e8 96110 a26350 22 API calls 96106->96110 96108 a3fe0b 22 API calls 96107->96108 96109 a630fe __fread_nolock 96108->96109 96110->96065 96111->96072 96113 a635a4 96112->96113 96114 a238b7 96112->96114 96113->96114 96115 a635ad DestroyIcon 96113->96115 96114->96083 96138 a8c874 42 API calls _strftime 96114->96138 96115->96114 96117 a2393f 96116->96117 96136 a23a13 96116->96136 96139 a26270 96117->96139 96120 a63393 LoadStringW 96124 a633ad 96120->96124 96121 a2395a 96122 a26b57 22 API calls 96121->96122 96123 a2396f 96122->96123 96125 a2397c 96123->96125 96126 a633c9 96123->96126 96131 a23994 ___scrt_fastfail 96124->96131 96145 a2a8c7 22 API calls __fread_nolock 96124->96145 96125->96124 96128 a23986 96125->96128 96146 a26350 22 API calls 96126->96146 96144 a26350 22 API calls 96128->96144 96134 a239f9 Shell_NotifyIconW 96131->96134 96132 a633d7 96132->96131 96133 a233c6 22 API calls 96132->96133 96135 a633f9 96133->96135 96134->96136 96137 a233c6 22 API calls 96135->96137 96136->96082 96137->96131 96138->96083 96140 a3fe0b 22 API calls 96139->96140 96141 
a26295 96140->96141 96142 a3fddb 22 API calls 96141->96142 96143 a2394d 96142->96143 96143->96120 96143->96121 96144->96131 96145->96131 96146->96132 96148 a233fe _wcslen 96147->96148 96149 a23411 96148->96149 96150 a6311d 96148->96150 96157 a2a587 96149->96157 96152 a3fddb 22 API calls 96150->96152 96154 a63127 96152->96154 96153 a2341e __fread_nolock 96153->96106 96155 a3fe0b 22 API calls 96154->96155 96156 a63157 __fread_nolock 96155->96156 96158 a2a59d 96157->96158 96161 a2a598 __fread_nolock 96157->96161 96159 a6f80f 96158->96159 96160 a3fe0b 22 API calls 96158->96160 96160->96161 96161->96153 96162 a62402 96165 a21410 96162->96165 96166 a2144f mciSendStringW 96165->96166 96167 a624b8 DestroyWindow 96165->96167 96168 a216c6 96166->96168 96169 a2146b 96166->96169 96179 a624c4 96167->96179 96168->96169 96171 a216d5 UnregisterHotKey 96168->96171 96170 a21479 96169->96170 96169->96179 96198 a2182e 96170->96198 96171->96168 96173 a624e2 FindClose 96173->96179 96174 a624d8 96174->96179 96204 a26246 CloseHandle 96174->96204 96176 a62509 96180 a6252d 96176->96180 96181 a6251c FreeLibrary 96176->96181 96178 a2148e 96178->96180 96188 a2149c 96178->96188 96179->96173 96179->96174 96179->96176 96182 a62541 VirtualFree 96180->96182 96189 a21509 96180->96189 96181->96176 96182->96180 96183 a214f8 CoUninitialize 96183->96189 96184 a21514 96186 a21524 96184->96186 96185 a62589 96191 a62598 messages 96185->96191 96205 a932eb 6 API calls messages 96185->96205 96202 a21944 VirtualFreeEx CloseHandle 96186->96202 96188->96183 96189->96184 96189->96185 96193 a62627 96191->96193 96206 a864d4 22 API calls messages 96191->96206 96194 a2153a 96194->96191 96195 a2161f 96194->96195 96195->96193 96203 a21876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96195->96203 96197 a216c1 96199 a2183b 96198->96199 96200 a21480 96199->96200 96207 a8702a 22 API calls 96199->96207 96200->96176 96200->96178 96202->96194 96203->96197 96204->96174 96205->96185 96206->96191 
96207->96199 96208 a21044 96213 a210f3 96208->96213 96210 a2104a 96249 a400a3 29 API calls __onexit 96210->96249 96212 a21054 96250 a21398 96213->96250 96217 a2116a 96218 a2a961 22 API calls 96217->96218 96219 a21174 96218->96219 96220 a2a961 22 API calls 96219->96220 96221 a2117e 96220->96221 96222 a2a961 22 API calls 96221->96222 96223 a21188 96222->96223 96224 a2a961 22 API calls 96223->96224 96225 a211c6 96224->96225 96226 a2a961 22 API calls 96225->96226 96227 a21292 96226->96227 96260 a2171c 96227->96260 96231 a212c4 96232 a2a961 22 API calls 96231->96232 96233 a212ce 96232->96233 96281 a31940 96233->96281 96235 a212f9 96291 a21aab 96235->96291 96237 a21315 96238 a21325 GetStdHandle 96237->96238 96239 a62485 96238->96239 96240 a2137a 96238->96240 96239->96240 96241 a6248e 96239->96241 96243 a21387 OleInitialize 96240->96243 96242 a3fddb 22 API calls 96241->96242 96244 a62495 96242->96244 96243->96210 96298 a9011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96244->96298 96246 a6249e 96299 a90944 CreateThread 96246->96299 96248 a624aa CloseHandle 96248->96240 96249->96212 96300 a213f1 96250->96300 96253 a213f1 22 API calls 96254 a213d0 96253->96254 96255 a2a961 22 API calls 96254->96255 96256 a213dc 96255->96256 96257 a26b57 22 API calls 96256->96257 96258 a21129 96257->96258 96259 a21bc3 6 API calls 96258->96259 96259->96217 96261 a2a961 22 API calls 96260->96261 96262 a2172c 96261->96262 96263 a2a961 22 API calls 96262->96263 96264 a21734 96263->96264 96265 a2a961 22 API calls 96264->96265 96266 a2174f 96265->96266 96267 a3fddb 22 API calls 96266->96267 96268 a2129c 96267->96268 96269 a21b4a 96268->96269 96270 a21b58 96269->96270 96271 a2a961 22 API calls 96270->96271 96272 a21b63 96271->96272 96273 a2a961 22 API calls 96272->96273 96274 a21b6e 96273->96274 96275 a2a961 22 API calls 96274->96275 96276 a21b79 96275->96276 96277 a2a961 22 API calls 96276->96277 96278 a21b84 96277->96278 96279 
a3fddb 22 API calls 96278->96279 96280 a21b96 RegisterWindowMessageW 96279->96280 96280->96231 96282 a31981 96281->96282 96286 a3195d 96281->96286 96307 a40242 5 API calls __Init_thread_wait 96282->96307 96284 a3198b 96284->96286 96308 a401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96284->96308 96290 a3196e 96286->96290 96309 a40242 5 API calls __Init_thread_wait 96286->96309 96287 a38727 96287->96290 96310 a401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96287->96310 96290->96235 96292 a21abb 96291->96292 96293 a6272d 96291->96293 96295 a3fddb 22 API calls 96292->96295 96311 a93209 23 API calls 96293->96311 96297 a21ac3 96295->96297 96296 a62738 96297->96237 96298->96246 96299->96248 96312 a9092a 28 API calls 96299->96312 96301 a2a961 22 API calls 96300->96301 96302 a213fc 96301->96302 96303 a2a961 22 API calls 96302->96303 96304 a21404 96303->96304 96305 a2a961 22 API calls 96304->96305 96306 a213c6 96305->96306 96306->96253 96307->96284 96308->96286 96309->96287 96310->96290 96311->96296 96313 a72a00 96329 a2d7b0 messages 96313->96329 96314 a2db11 PeekMessageW 96314->96329 96315 a2d807 GetInputState 96315->96314 96315->96329 96316 a71cbe TranslateAcceleratorW 96316->96329 96318 a2db8f PeekMessageW 96318->96329 96319 a2da04 timeGetTime 96319->96329 96320 a2db73 TranslateMessage DispatchMessageW 96320->96318 96321 a2dbaf Sleep 96321->96329 96322 a72b74 Sleep 96335 a72a51 96322->96335 96325 a71dda timeGetTime 96472 a3e300 23 API calls 96325->96472 96328 a72c0b GetExitCodeProcess 96333 a72c37 CloseHandle 96328->96333 96334 a72c21 WaitForSingleObject 96328->96334 96329->96314 96329->96315 96329->96316 96329->96318 96329->96319 96329->96320 96329->96321 96329->96322 96329->96325 96331 a2d9d5 96329->96331 96329->96335 96345 a2dd50 96329->96345 96352 a31310 96329->96352 96407 a2bf40 96329->96407 96465 a3edf6 96329->96465 96470 a2dfd0 348 API calls 3 library calls 96329->96470 96471 a3e551 timeGetTime 96329->96471 96473 a93a2a 23 
API calls 96329->96473 96474 a2ec40 96329->96474 96498 a9359c 82 API calls __wsopen_s 96329->96498 96330 ab29bf GetForegroundWindow 96330->96335 96333->96335 96334->96329 96334->96333 96335->96328 96335->96329 96335->96330 96335->96331 96336 a72ca9 Sleep 96335->96336 96499 aa5658 23 API calls 96335->96499 96500 a8e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96335->96500 96501 a3e551 timeGetTime 96335->96501 96502 a8d4dc CreateToolhelp32Snapshot Process32FirstW 96335->96502 96336->96329 96346 a2dd83 96345->96346 96347 a2dd6f 96345->96347 96544 a9359c 82 API calls __wsopen_s 96346->96544 96512 a2d260 96347->96512 96349 a2dd7a 96349->96329 96351 a72f75 96351->96351 96353 a317b0 96352->96353 96354 a31376 96352->96354 96583 a40242 5 API calls __Init_thread_wait 96353->96583 96355 a31390 96354->96355 96356 a76331 96354->96356 96358 a31940 9 API calls 96355->96358 96359 a7633d 96356->96359 96597 aa709c 348 API calls 96356->96597 96362 a313a0 96358->96362 96359->96329 96361 a317ba 96363 a317fb 96361->96363 96365 a29cb3 22 API calls 96361->96365 96364 a31940 9 API calls 96362->96364 96367 a76346 96363->96367 96369 a3182c 96363->96369 96366 a313b6 96364->96366 96372 a317d4 96365->96372 96366->96363 96368 a313ec 96366->96368 96598 a9359c 82 API calls __wsopen_s 96367->96598 96368->96367 96383 a31408 __fread_nolock 96368->96383 96585 a2aceb 96369->96585 96584 a401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96372->96584 96373 a31839 96595 a3d217 348 API calls 96373->96595 96376 a7636e 96599 a9359c 82 API calls __wsopen_s 96376->96599 96377 a31872 96596 a3faeb 23 API calls 96377->96596 96379 a763d1 96601 aa5745 54 API calls _wcslen 96379->96601 96380 a3153c 96382 a31940 9 API calls 96380->96382 96384 a31549 96382->96384 96383->96373 96383->96376 96385 a3fddb 22 API calls 96383->96385 96386 a3fe0b 22 API calls 96383->96386 96391 a2ec40 348 API calls 96383->96391 96392 a3152f 96383->96392 96394 a315c7 messages 
96383->96394 96396 a763b2 96383->96396 96388 a31940 9 API calls 96384->96388 96384->96394 96385->96383 96386->96383 96398 a31563 96388->96398 96390 a3171d 96390->96329 96391->96383 96392->96379 96392->96380 96393 a3167b messages 96393->96390 96582 a3ce17 22 API calls messages 96393->96582 96394->96377 96394->96393 96397 a31940 9 API calls 96394->96397 96554 aaa2ea 96394->96554 96559 aaab67 96394->96559 96562 a3f645 96394->96562 96569 a95c5a 96394->96569 96574 aaabf7 96394->96574 96579 ab1591 96394->96579 96603 a9359c 82 API calls __wsopen_s 96394->96603 96600 a9359c 82 API calls __wsopen_s 96396->96600 96397->96394 96398->96394 96602 a2a8c7 22 API calls __fread_nolock 96398->96602 96777 a2adf0 96407->96777 96409 a2bf9d 96410 a704b6 96409->96410 96411 a2bfa9 96409->96411 96795 a9359c 82 API calls __wsopen_s 96410->96795 96413 a704c6 96411->96413 96414 a2c01e 96411->96414 96796 a9359c 82 API calls __wsopen_s 96413->96796 96782 a2ac91 96414->96782 96418 a87120 22 API calls 96461 a2c039 __fread_nolock messages 96418->96461 96419 a2c7da 96422 a3fe0b 22 API calls 96419->96422 96427 a2c808 __fread_nolock 96422->96427 96424 a704f5 96428 a7055a 96424->96428 96797 a3d217 348 API calls 96424->96797 96430 a3fe0b 22 API calls 96427->96430 96451 a2c603 96428->96451 96798 a9359c 82 API calls __wsopen_s 96428->96798 96429 a3fddb 22 API calls 96429->96461 96462 a2c350 __fread_nolock messages 96430->96462 96431 a2af8a 22 API calls 96431->96461 96432 a7091a 96807 a93209 23 API calls 96432->96807 96435 a2ec40 348 API calls 96435->96461 96436 a708a5 96437 a2ec40 348 API calls 96436->96437 96438 a708cf 96437->96438 96438->96451 96805 a2a81b 41 API calls 96438->96805 96440 a70591 96799 a9359c 82 API calls __wsopen_s 96440->96799 96444 a708f6 96806 a9359c 82 API calls __wsopen_s 96444->96806 96445 a2bbe0 40 API calls 96445->96461 96447 a2c237 96449 a2c253 96447->96449 96808 a2a8c7 22 API calls __fread_nolock 96447->96808 96448 a2aceb 23 API calls 96448->96461 96453 a70976 96449->96453 
96456 a2c297 messages 96449->96456 96451->96329 96454 a2aceb 23 API calls 96453->96454 96455 a709bf 96454->96455 96455->96451 96809 a9359c 82 API calls __wsopen_s 96455->96809 96456->96455 96457 a2aceb 23 API calls 96456->96457 96458 a2c335 96457->96458 96458->96455 96459 a2c342 96458->96459 96793 a2a704 22 API calls messages 96459->96793 96461->96418 96461->96419 96461->96424 96461->96427 96461->96428 96461->96429 96461->96431 96461->96432 96461->96435 96461->96436 96461->96440 96461->96444 96461->96445 96461->96447 96461->96448 96461->96451 96461->96455 96463 a3fe0b 22 API calls 96461->96463 96786 a2ad81 96461->96786 96800 a87099 22 API calls __fread_nolock 96461->96800 96801 aa5745 54 API calls _wcslen 96461->96801 96802 a3aa42 22 API calls messages 96461->96802 96803 a8f05c 40 API calls 96461->96803 96804 a2a993 41 API calls 96461->96804 96464 a2c3ac 96462->96464 96794 a3ce17 22 API calls messages 96462->96794 96463->96461 96464->96329 96466 a3ee09 96465->96466 96467 a3ee12 96465->96467 96466->96329 96467->96466 96468 a3ee36 IsDialogMessageW 96467->96468 96469 a7efaf GetClassLongW 96467->96469 96468->96466 96468->96467 96469->96467 96469->96468 96470->96329 96471->96329 96472->96329 96473->96329 96495 a2ec76 messages 96474->96495 96475 a3fddb 22 API calls 96475->96495 96476 a2fef7 96490 a2ed9d messages 96476->96490 96822 a2a8c7 22 API calls __fread_nolock 96476->96822 96479 a74600 96479->96490 96821 a2a8c7 22 API calls __fread_nolock 96479->96821 96480 a74b0b 96824 a9359c 82 API calls __wsopen_s 96480->96824 96484 a2a8c7 22 API calls 96484->96495 96487 a40242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96487->96495 96488 a2fbe3 96488->96490 96491 a74bdc 96488->96491 96497 a2f3ae messages 96488->96497 96489 a2a961 22 API calls 96489->96495 96490->96329 96825 a9359c 82 API calls __wsopen_s 96491->96825 96492 a400a3 29 API calls pre_c_initialization 96492->96495 96494 a74beb 96826 a9359c 82 API calls 
__wsopen_s 96494->96826 96495->96475 96495->96476 96495->96479 96495->96480 96495->96484 96495->96487 96495->96488 96495->96489 96495->96490 96495->96492 96495->96494 96496 a401f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96495->96496 96495->96497 96819 a301e0 348 API calls 2 library calls 96495->96819 96820 a306a0 41 API calls messages 96495->96820 96496->96495 96497->96490 96823 a9359c 82 API calls __wsopen_s 96497->96823 96498->96329 96499->96335 96500->96335 96501->96335 96827 a8def7 96502->96827 96504 a8d529 Process32NextW 96505 a8d5db CloseHandle 96504->96505 96510 a8d522 96504->96510 96505->96335 96506 a2a961 22 API calls 96506->96510 96507 a29cb3 22 API calls 96507->96510 96510->96504 96510->96505 96510->96506 96510->96507 96833 a2525f 22 API calls 96510->96833 96834 a26350 22 API calls 96510->96834 96835 a3ce60 41 API calls 96510->96835 96513 a2ec40 348 API calls 96512->96513 96530 a2d29d 96513->96530 96514 a71bc4 96553 a9359c 82 API calls __wsopen_s 96514->96553 96516 a2d30b messages 96516->96349 96517 a2d6d5 96517->96516 96528 a3fe0b 22 API calls 96517->96528 96518 a2d3c3 96518->96517 96520 a2d3ce 96518->96520 96519 a2d5ff 96522 a71bb5 96519->96522 96523 a2d614 96519->96523 96521 a3fddb 22 API calls 96520->96521 96533 a2d3d5 __fread_nolock 96521->96533 96552 aa5705 23 API calls 96522->96552 96526 a3fddb 22 API calls 96523->96526 96524 a2d4b8 96529 a3fe0b 22 API calls 96524->96529 96536 a2d46a 96526->96536 96527 a3fddb 22 API calls 96527->96530 96528->96533 96539 a2d429 __fread_nolock messages 96529->96539 96530->96514 96530->96516 96530->96517 96530->96518 96530->96524 96530->96527 96530->96539 96531 a3fddb 22 API calls 96532 a2d3f6 96531->96532 96532->96539 96545 a2bec0 348 API calls 96532->96545 96533->96531 96533->96532 96535 a71ba4 96551 a9359c 82 API calls __wsopen_s 96535->96551 96536->96349 96539->96519 96539->96535 96539->96536 96540 a71b7f 96539->96540 96542 a71b5d 96539->96542 96546 a21f6f 96539->96546 
96550 a9359c 82 API calls __wsopen_s 96540->96550 96549 a9359c 82 API calls __wsopen_s 96542->96549 96544->96351 96545->96539 96547 a2ec40 348 API calls 96546->96547 96548 a21f98 96547->96548 96548->96539 96549->96536 96550->96536 96551->96536 96552->96514 96553->96516 96604 a27510 96554->96604 96557 a8d4dc 47 API calls 96558 aaa315 96557->96558 96558->96394 96631 aaaff9 96559->96631 96563 a2b567 39 API calls 96562->96563 96564 a3f659 96563->96564 96565 a3f661 timeGetTime 96564->96565 96566 a7f2dc Sleep 96564->96566 96567 a2b567 39 API calls 96565->96567 96568 a3f677 96567->96568 96568->96394 96570 a27510 53 API calls 96569->96570 96571 a95c6d 96570->96571 96759 a8dbbe lstrlenW 96571->96759 96573 a95c77 96573->96394 96575 aaaff9 217 API calls 96574->96575 96577 aaac0c 96575->96577 96576 aaac54 96576->96394 96577->96576 96578 a2aceb 23 API calls 96577->96578 96578->96576 96764 ab2ad8 96579->96764 96581 ab159f 96581->96394 96582->96393 96583->96361 96584->96363 96586 a2acf9 96585->96586 96594 a2ad2a messages 96585->96594 96587 a2ad55 96586->96587 96589 a2ad01 messages 96586->96589 96587->96594 96775 a2a8c7 22 API calls __fread_nolock 96587->96775 96590 a2ad21 96589->96590 96591 a6fa48 96589->96591 96589->96594 96593 a6fa3a VariantClear 96590->96593 96590->96594 96591->96594 96776 a3ce17 22 API calls messages 96591->96776 96593->96594 96594->96373 96595->96377 96596->96377 96597->96359 96598->96394 96599->96394 96600->96394 96601->96398 96602->96394 96603->96394 96605 a27525 96604->96605 96621 a27522 96604->96621 96606 a2752d 96605->96606 96608 a2755b 96605->96608 96627 a451c6 26 API calls 96606->96627 96609 a650f6 96608->96609 96612 a2756d 96608->96612 96617 a6500f 96608->96617 96630 a45183 26 API calls 96609->96630 96610 a2753d 96616 a3fddb 22 API calls 96610->96616 96628 a3fb21 51 API calls 96612->96628 96614 a6510e 96614->96614 96618 a27547 96616->96618 96620 a3fe0b 22 API calls 96617->96620 96626 a65088 96617->96626 96619 a29cb3 22 API calls 96618->96619 
96619->96621 96623 a65058 96620->96623 96621->96557 96622 a3fddb 22 API calls 96624 a6507f 96622->96624 96623->96622 96625 a29cb3 22 API calls 96624->96625 96625->96626 96629 a3fb21 51 API calls 96626->96629 96627->96610 96628->96610 96629->96609 96630->96614 96632 aab01d ___scrt_fastfail 96631->96632 96633 aab058 96632->96633 96634 aab094 96632->96634 96729 a2b567 96633->96729 96638 a2b567 39 API calls 96634->96638 96639 aab08b 96634->96639 96636 aab063 96636->96639 96642 a2b567 39 API calls 96636->96642 96637 aab0ed 96640 a27510 53 API calls 96637->96640 96641 aab0a5 96638->96641 96639->96637 96643 a2b567 39 API calls 96639->96643 96644 aab10b 96640->96644 96645 a2b567 39 API calls 96641->96645 96646 aab078 96642->96646 96643->96637 96722 a27620 96644->96722 96645->96639 96648 a2b567 39 API calls 96646->96648 96648->96639 96649 aab115 96650 aab1d8 96649->96650 96651 aab11f 96649->96651 96652 aab20a GetCurrentDirectoryW 96650->96652 96654 a27510 53 API calls 96650->96654 96653 a27510 53 API calls 96651->96653 96655 a3fe0b 22 API calls 96652->96655 96656 aab130 96653->96656 96657 aab1ef 96654->96657 96658 aab22f GetCurrentDirectoryW 96655->96658 96659 a27620 22 API calls 96656->96659 96662 a27620 22 API calls 96657->96662 96660 aab23c 96658->96660 96661 aab13a 96659->96661 96665 aab275 96660->96665 96734 a29c6e 22 API calls 96660->96734 96663 a27510 53 API calls 96661->96663 96664 aab1f9 _wcslen 96662->96664 96666 aab14b 96663->96666 96664->96652 96664->96665 96673 aab28b 96665->96673 96674 aab287 96665->96674 96668 a27620 22 API calls 96666->96668 96670 aab155 96668->96670 96669 aab255 96735 a29c6e 22 API calls 96669->96735 96672 a27510 53 API calls 96670->96672 96676 aab166 96672->96676 96737 a907c0 10 API calls 96673->96737 96678 aab39a CreateProcessW 96674->96678 96679 aab2f8 96674->96679 96675 aab265 96736 a29c6e 22 API calls 96675->96736 96681 a27620 22 API calls 96676->96681 96721 aab32f _wcslen 96678->96721 96740 a811c8 39 API calls 96679->96740 96684 
aab170 96681->96684 96682 aab294 96738 a906e6 10 API calls 96682->96738 96688 aab1a6 GetSystemDirectoryW 96684->96688 96693 a27510 53 API calls 96684->96693 96686 aab2aa 96739 a905a7 8 API calls 96686->96739 96687 aab2fd 96691 aab32a 96687->96691 96692 aab323 96687->96692 96690 a3fe0b 22 API calls 96688->96690 96695 aab1cb GetSystemDirectoryW 96690->96695 96742 a814ce 6 API calls 96691->96742 96741 a81201 128 API calls 2 library calls 96692->96741 96697 aab187 96693->96697 96694 aab2d0 96694->96674 96695->96660 96700 a27620 22 API calls 96697->96700 96699 aab328 96699->96721 96703 aab191 _wcslen 96700->96703 96701 aab42f CloseHandle 96704 aab43f 96701->96704 96714 aab49a 96701->96714 96702 aab3d6 GetLastError 96713 aab41a 96702->96713 96703->96660 96703->96688 96705 aab451 96704->96705 96706 aab446 CloseHandle 96704->96706 96708 aab458 CloseHandle 96705->96708 96709 aab463 96705->96709 96706->96705 96708->96709 96711 aab46a CloseHandle 96709->96711 96712 aab475 96709->96712 96710 aab4a6 96710->96713 96711->96712 96743 a909d9 34 API calls 96712->96743 96726 a90175 96713->96726 96714->96710 96717 aab4d2 CloseHandle 96714->96717 96717->96713 96719 aab486 96744 aab536 25 API calls 96719->96744 96721->96701 96721->96702 96723 a2762a _wcslen 96722->96723 96724 a3fe0b 22 API calls 96723->96724 96725 a2763f 96724->96725 96725->96649 96745 a9030f 96726->96745 96730 a2b578 96729->96730 96731 a2b57f 96729->96731 96730->96731 96758 a462d1 39 API calls _strftime 96730->96758 96731->96636 96733 a2b5c2 96733->96636 96734->96669 96735->96675 96736->96665 96737->96682 96738->96686 96739->96694 96740->96687 96741->96699 96742->96721 96743->96719 96744->96714 96746 a90329 96745->96746 96747 a90321 CloseHandle 96745->96747 96748 a9032e CloseHandle 96746->96748 96749 a90336 96746->96749 96747->96746 96748->96749 96750 a9033b CloseHandle 96749->96750 96751 a90343 96749->96751 96750->96751 96752 a90348 CloseHandle 96751->96752 96753 a90350 96751->96753 96752->96753 96754 a9035d 

Control-flow Graph
APIs
• GetVersionExW.KERNEL32(?), ref: 00A2430D
  • Part of subcall function 00A26B57: _wcslen.LIBCMT ref: 00A26B6A
• GetCurrentProcess.KERNEL32(?,00ABCB64,00000000,?,?), ref: 00A24422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00A24429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00A24454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00A24466
• GetNativeSystemInfo.KERNELBASE(?,?,?), ref: 00A24474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00A2447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 00A244A0
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: acd4754f4f5ca0f6b69a324a0780e3cadf9eb3ff36af0862b23f38e92bc9e2c7
• Instruction ID: fef92e3db9fe379646641dae03ce2b8e65c1234f4d2a09163fdf3e5f79165b54
• Opcode Fuzzy Hash: acd4754f4f5ca0f6b69a324a0780e3cadf9eb3ff36af0862b23f38e92bc9e2c7
• Instruction Fuzzy Hash: EFA1947690A2D4DFCB95D7EDBC815B97FF46B3A700B084BA9D0859FA22D230450BDB21

Control-flow Graph
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00A250AA,?,?,00000000,00000000), ref: 00A242B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00A250AA,?,?,00000000,00000000), ref: 00A242C9
• LoadResource.KERNEL32(?,00000000,?,?,00A250AA,?,?,00000000,00000000,?,?,?,?,?,?,00A24F20), ref: 00A635BE
• SizeofResource.KERNEL32(?,00000000,?,?,00A250AA,?,?,00000000,00000000,?,?,?,?,?,?,00A24F20), ref: 00A635D3
• LockResource.KERNEL32(00A250AA,?,?,00A250AA,?,?,00000000,00000000,?,?,?,?,?,?,00A24F20,?), ref: 00A635E6
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                          • String ID: SCRIPT
                                                                                                                                                                                                                          • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                          • Opcode ID: 04624e51d62445ce3e587136fe8c05999cba7f14861dba59f11eebd253951597
                                                                                                                                                                                                                          • Instruction ID: 74d3a5ac3693c570448d7353b582bf05408ca1ab21fd619dec1713e363be1aa6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 04624e51d62445ce3e587136fe8c05999cba7f14861dba59f11eebd253951597
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64117C71200710FFDB219BAAEC48FA77BB9EBC9B61F104269B40296261DB71DC018630

Control-flow Graph

APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A22B6B
  • Part of subcall function 00A23A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00AF1418,?,00A22E7F,?,?,?,00000000), ref: 00A23A78
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00AE2224), ref: 00A62C10
• ShellExecuteW.SHELL32(00000000,?,?,00AE2224), ref: 00A62C17
Strings
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 7cfdbb7b176c4f21a889ef063586332095ae4170d48a111c9a107739fac5dd3a
• Instruction ID: 3674dcf178396a06624d604b1b3597590796f9f70a111db22e511559da4a70b5
• Instruction Fuzzy Hash: 09110632508355AACB04FFACF951EBE77A4ABD2710F44083CF182560A3CF258A0AD712

Control-flow Graph

APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00A8D501
• Process32FirstW.KERNEL32(00000000,?), ref: 00A8D50F
• Process32NextW.KERNEL32(00000000,?), ref: 00A8D52F
• CloseHandle.KERNELBASE(00000000), ref: 00A8D5DC
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: 5debb00901952ee67ba559c4ae3cfbdfbe6ee86df528261c5c9c07b3409bdb12
• Instruction ID: 1db2895212794eccc8c23a526327a8842c4001dd5a32d17a3788cc6552f2df4d
• Instruction Fuzzy Hash: 5831AD310083009FD304EF68D881EAFBBE8EF99354F14093DF585961A2EB719949CBA2

Control-flow Graph

(Graph data omitted; basic blocks a8dbbe-a8dc0d, calling lstrlenW, GetFileAttributesW, FindFirstFileW and FindClose.)
APIs
• lstrlenW.KERNEL32(?,00A65222), ref: 00A8DBCE
• GetFileAttributesW.KERNELBASE(?), ref: 00A8DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 00A8DBEE
• FindClose.KERNEL32(00000000), ref: 00A8DBFA
Similarity
• API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: e734f02cd5102f77ce5706cfe8e9e0ad16c819b47a103790d1d918654c2ccb6b
• Instruction ID: 0475fc79f17b4d2da070f2e39f39736eb918586992cfa874f38d513a7b6d181b
• Instruction Fuzzy Hash: 45F0A9B081091067C220BBBCAC0D8AA37AC9E02334B104702F836C20F1EBB09D968696
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00A528E9,?,00A44CBE,00A528E9,00AE88B8,0000000C,00A44E15,00A528E9,00000002,00000000,?,00A528E9), ref: 00A44D09
                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,00A44CBE,00A528E9,00AE88B8,0000000C,00A44E15,00A528E9,00000002,00000000,?,00A528E9), ref: 00A44D10
                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00A44D22
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1703294689-0

Control-flow Graph (rendered graph not recoverable from this export; legend: Executed / Not Executed)
APIs
• _wcslen.LIBCMT ref: 00AAB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00AAB1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00AAB1D4
• _wcslen.LIBCMT ref: 00AAB200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00AAB214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00AAB236
• _wcslen.LIBCMT ref: 00AAB332
  • Part of subcall function 00A905A7: GetStdHandle.KERNEL32(000000F6), ref: 00A905C6
• _wcslen.LIBCMT ref: 00AAB34B
• _wcslen.LIBCMT ref: 00AAB366
• CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00AAB3B6
• GetLastError.KERNEL32(00000000), ref: 00AAB407
• CloseHandle.KERNEL32(?), ref: 00AAB439
• CloseHandle.KERNEL32(00000000), ref: 00AAB44A
• CloseHandle.KERNEL32(00000000), ref: 00AAB45C
• CloseHandle.KERNEL32(00000000), ref: 00AAB46E
• CloseHandle.KERNEL32(?), ref: 00AAB4E3
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
APIs
• GetInputState.USER32 ref: 00A2D807
• timeGetTime.WINMM ref: 00A2DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A2DB28
• TranslateMessage.USER32(?), ref: 00A2DB7B
• DispatchMessageW.USER32(?), ref: 00A2DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A2DB9F
• Sleep.KERNELBASE(0000000A), ref: 00A2DBB1
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
Control-flow Graph (rendered graph not recoverable from this export)
APIs
• GetSysColorBrush.USER32(0000000F), ref: 00A22D07
• RegisterClassExW.USER32(00000030), ref: 00A22D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A22D42
• InitCommonControlsEx.COMCTL32(?), ref: 00A22D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A22D6F
• LoadIconW.USER32(000000A9), ref: 00A22D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A22D94
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915

Control-flow Graph (rendered graph not recoverable from this export; legend: Executed / Not Executed)
APIs
  • Part of subcall function 00A6039A: CreateFileW.KERNELBASE(00000000,00000000,?,00A60704,?,?,00000000,?,00A60704,00000000,0000000C), ref: 00A603B7
• GetLastError.KERNEL32 ref: 00A6076F
• __dosmaperr.LIBCMT ref: 00A60776
• GetFileType.KERNELBASE(00000000), ref: 00A60782
• GetLastError.KERNEL32 ref: 00A6078C
• __dosmaperr.LIBCMT ref: 00A60795
• CloseHandle.KERNEL32(00000000), ref: 00A607B5
• CloseHandle.KERNEL32(?), ref: 00A608FF
• GetLastError.KERNEL32 ref: 00A60931
• __dosmaperr.LIBCMT ref: 00A60938
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: c711704e0c356abd75d7309ace5ed093927685064608e7f357898acc01134347
• Instruction ID: 3a52be84d5277446db5587a1d02f0d3cbcf1da6e37f8a7caacf84e5e30976ddd
• Opcode Fuzzy Hash: c711704e0c356abd75d7309ace5ed093927685064608e7f357898acc01134347
• Instruction Fuzzy Hash: 34A12236A101088FDF19EFA8D851FAE7BB0AB46320F140159F815AF3A2DB759D53CB91

Control-flow Graph

APIs
  • Part of subcall function 00A23A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00AF1418,?,00A22E7F,?,?,?,00000000), ref: 00A23A78
  • Part of subcall function 00A23357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A23379
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00A2356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00A6318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00A631CE
• RegCloseKey.ADVAPI32(?), ref: 00A63210
• _wcslen.LIBCMT ref: 00A63277
• _wcslen.LIBCMT ref: 00A63286
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: c724e580fa04597d46a4a83f9f889823af076fb342858a48804fb7ce2816786a
• Instruction ID: ff558b92f5e0605720cd99ff8e70eba0e05d8cf91df5f0f80b973cc8c3c130e7
• Opcode Fuzzy Hash: c724e580fa04597d46a4a83f9f889823af076fb342858a48804fb7ce2816786a
• Instruction Fuzzy Hash: A47190B24053019FC714EFA9ED81AABBBF8FF95740F400A2DF5458B161EB349A4ACB51

Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00A22B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00A22B9D
• LoadIconW.USER32(00000063), ref: 00A22BB3
• LoadIconW.USER32(000000A4), ref: 00A22BC5
• LoadIconW.USER32(000000A2), ref: 00A22BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00A22BEF
• RegisterClassExW.USER32(?), ref: 00A22C40
  • Part of subcall function 00A22CD4: GetSysColorBrush.USER32(0000000F), ref: 00A22D07
  • Part of subcall function 00A22CD4: RegisterClassExW.USER32(00000030), ref: 00A22D31
  • Part of subcall function 00A22CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00A22D42
  • Part of subcall function 00A22CD4: InitCommonControlsEx.COMCTL32(?), ref: 00A22D5F
  • Part of subcall function 00A22CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00A22D6F
  • Part of subcall function 00A22CD4: LoadIconW.USER32(000000A9), ref: 00A22D85
  • Part of subcall function 00A22CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00A22D94
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: f8c9b6a217649883991e35bc66324874a544224259b3a5aef051ce5e8c96f9d8
• Instruction ID: f9b50538e82773be11ae446c019c77afaf862c1a3f1cdd88a2707c5ece2be9f5
• Opcode Fuzzy Hash: f8c9b6a217649883991e35bc66324874a544224259b3a5aef051ce5e8c96f9d8
• Instruction Fuzzy Hash: F0211A71E00315EBDB50DFE6EC59EA9BFB4FB48B54F00022AE500AB6A1D7B14546CF90

Control-flow Graph

APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00A2316A,?,?), ref: 00A231D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,00A2316A,?,?), ref: 00A23204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A23227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00A2316A,?,?), ref: 00A23232
• CreatePopupMenu.USER32 ref: 00A23246
• PostQuitMessage.USER32(00000000), ref: 00A23267
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 7c66081bb731701ab1a07d6ee06991ce8e99edcf456e06defd8d8d18c0e5af32
• Instruction ID: bd47981844a75a4a7d8f1ef45d0c480af96da98c5300d0b5dd7a6d641c7de888
• Opcode Fuzzy Hash: 7c66081bb731701ab1a07d6ee06991ce8e99edcf456e06defd8d8d18c0e5af32
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8410637240228E7DF149BFCAD4DBB93A39EB17350F040235F6419A1A2DB6ACA41D7A1

Control-flow Graph: basic-block edge list (graph 654, blocks a21410-a216ff and a624b8-a62677) omitted; the APIs it reaches are listed below.
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00A21459
• CoUninitialize.COMBASE ref: 00A214F8
• UnregisterHotKey.USER32(?), ref: 00A216DD
• DestroyWindow.USER32(?), ref: 00A624B9
• FreeLibrary.KERNEL32(?), ref: 00A6251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A6254B
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 344a8ee2e5764da4f4cfa8beedabf85141fb77de484d26c847d225088862671b
• Instruction ID: 09cdfbdcb056566998294a8181f0c0ef05382d74b4a4723bdab3fdcb23db77c7
• Opcode Fuzzy Hash: 344a8ee2e5764da4f4cfa8beedabf85141fb77de484d26c847d225088862671b
• Instruction Fuzzy Hash: 0DD17B317012228FDB29EF18D599B69F7B4BF15710F2442ADE44A6B262DB30AD12CF91

Control-flow Graph
control_flow_graph 803 a22c63-a22cd3 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00A22C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00A22CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00A21CAD,?), ref: 00A22CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00A21CAD,?), ref: 00A22CCF
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: 6bfc2319922692422fe25cf06adee5e65b525a3800619bb4c4c11833de6419fa
• Instruction ID: 391c94dff205899a736b5cc90ecc71fd5204bbd93599e8c755ca0e4903ab9d53
• Opcode Fuzzy Hash: 6bfc2319922692422fe25cf06adee5e65b525a3800619bb4c4c11833de6419fa
• Instruction Fuzzy Hash: EBF0DA7A540290BAEB719797AC0CEB72EBDD7C7F70B00015AF900AB5A1D6611852DAB0

Control-flow Graph: basic-block edge list (graph 954, blocks a23b1c-a23b9b) omitted; the registry APIs it reaches are listed below.
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00A23B0F,SwapMouseButtons,00000004,?), ref: 00A23B40
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00A23B0F,SwapMouseButtons,00000004,?), ref: 00A23B61
• RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00A23B0F,SwapMouseButtons,00000004,?), ref: 00A23B83
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 75164c5ed6ac0b9884f1c127c4a7b3293771bf3abd4d98baba66453729fc554c
• Instruction ID: 619978ff00710dd88524384259e26ec41459e53dead0efe98abccdda155b7282
• Opcode Fuzzy Hash: 75164c5ed6ac0b9884f1c127c4a7b3293771bf3abd4d98baba66453729fc554c
• Instruction Fuzzy Hash: 48112AB6511218FFDF20CFA9EC44EAEB7B8EF05754B104569B806D7120E2759E419B60
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00A633A2
  • Part of subcall function 00A26B57: _wcslen.LIBCMT ref: 00A26B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A23A04
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 7e43f793dccc18cb2f92fdc501c570b6d8fbd56a16dc1f6eb73d029b61cad1a1
• Instruction ID: ef66c78e5ef91933bde40a783486475f99344d5eae5ebb7160846fd26989cf9b
• Opcode Fuzzy Hash: 7e43f793dccc18cb2f92fdc501c570b6d8fbd56a16dc1f6eb73d029b61cad1a1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A31F672508324AACB25EB58ED45FEB73E8AF46710F000A3AF59987191DB749649C7C2
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00A40668
                                                                                                                                                                                                                            • Part of subcall function 00A432A4: RaiseException.KERNEL32(?,?,?,00A4068A,?,00AF1444,?,?,?,?,?,?,00A4068A,00A21129,00AE8738,00A21129), ref: 00A43304
                                                                                                                                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00A40685
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                          • String ID: Unknown exception
                                                                                                                                                                                                                          • API String ID: 3476068407-410509341
                                                                                                                                                                                                                          • Opcode ID: e067a35b469786ada5a2472c982c3d3121f00b246d345f413cac779183b2df90
                                                                                                                                                                                                                          • Instruction ID: f6a789cb1c867b25c90061a5b69ecafa73a3eb368da1eed790daee6c1829f805
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e067a35b469786ada5a2472c982c3d3121f00b246d345f413cac779183b2df90
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 29F0C23C90030DBB8F00BB64E94AD9EB77CAE90354B604531BA18D6596EFB1DA25D981
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A21BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A21BF4
                                                                                                                                                                                                                            • Part of subcall function 00A21BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00A21BFC
                                                                                                                                                                                                                            • Part of subcall function 00A21BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A21C07
                                                                                                                                                                                                                            • Part of subcall function 00A21BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A21C12
                                                                                                                                                                                                                            • Part of subcall function 00A21BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00A21C1A
                                                                                                                                                                                                                            • Part of subcall function 00A21BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00A21C22
                                                                                                                                                                                                                            • Part of subcall function 00A21B4A: RegisterWindowMessageW.USER32(00000004,?,00A212C4), ref: 00A21BA2
                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00A2136A
                                                                                                                                                                                                                          • OleInitialize.OLE32 ref: 00A21388
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,00000000), ref: 00A624AB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1986988660-0
                                                                                                                                                                                                                          • Opcode ID: 2b3d0b61c7b4145690b38e4b63ab9c0a9ce4d41ebd9309441c235b10c3631acf
                                                                                                                                                                                                                          • Instruction ID: 92edbc33922ed63aae15f116f483fd327b5630b3c4175f982a8b811fcaf00441
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b3d0b61c7b4145690b38e4b63ab9c0a9ce4d41ebd9309441c235b10c3631acf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2271AEB4911204CFD384EFFAAA45A753AE4FBA8394754823AE11ACB361EB314447CF80
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A23923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00A23A04
                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00A8C259
                                                                                                                                                                                                                          • KillTimer.USER32(?,00000001,?,?), ref: 00A8C261
                                                                                                                                                                                                                          • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00A8C270
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3500052701-0
                                                                                                                                                                                                                          • Opcode ID: 0eb8b9805b0571fb1cacb0d13d3673eece82cbe292697be6e8e07be7fed75139
                                                                                                                                                                                                                          • Instruction ID: f654fb1cc4a4d9366606bf854cb001b5627f6813e4b99a0d4e7acd344bcbb5ee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0eb8b9805b0571fb1cacb0d13d3673eece82cbe292697be6e8e07be7fed75139
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5731C570904354AFEB62EFA48895BE7BBFC9B06314F00049AD1DA97282D7745A85CF61
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CloseHandle.KERNELBASE(00000000,00000000,?,?,00A585CC,?,00AE8CC8,0000000C), ref: 00A58704
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00A585CC,?,00AE8CC8,0000000C), ref: 00A5870E
                                                                                                                                                                                                                          • __dosmaperr.LIBCMT ref: 00A58739
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseErrorHandleLast__dosmaperr
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2583163307-0
                                                                                                                                                                                                                          • Opcode ID: 497a8b4cef70c7ec5766ca6a2ad89f9608307f83cc29f0ae0653b4ed3b060aa4
                                                                                                                                                                                                                          • Instruction ID: 5e62b49423e012f5e8c46b3214cbf52e0c7c3e8a87b8cc73e92fab4500035242
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 497a8b4cef70c7ec5766ca6a2ad89f9608307f83cc29f0ae0653b4ed3b060aa4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 31016B32A052201BD360A374A955B7E67496F82776F390219FC08AF0E3DEB88C89C250
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 00A2DB7B
                                                                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 00A2DB89
                                                                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A2DB9F
                                                                                                                                                                                                                          • Sleep.KERNELBASE(0000000A), ref: 00A2DBB1
                                                                                                                                                                                                                          • TranslateAcceleratorW.USER32(?,?,?), ref: 00A71CC9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3288985973-0
                                                                                                                                                                                                                          • Opcode ID: 3a5a11c3860a5cb2e73f7feede534027ea3b565527411d6291914f54d5c7471b
                                                                                                                                                                                                                          • Instruction ID: 3cdcdf046e44926026845c05d850be4fb22292e420a1e6f858d1a8c3ff8daa5a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a5a11c3860a5cb2e73f7feede534027ea3b565527411d6291914f54d5c7471b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CAF0FE306443449BE730CBE49D99FEA77E8EB45350F108A29F65AD30D1DB309589CB65
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __Init_thread_footer.LIBCMT ref: 00A317F6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Init_thread_footer
                                                                                                                                                                                                                          • String ID: CALL
                                                                                                                                                                                                                          • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                          • Opcode ID: 0e889c67b457d05180da6ab50e8b9d366079af8d2a3f12c10e98f17efac9a7e0
                                                                                                                                                                                                                          • Instruction ID: bfb405e47438a3dd6d3644196c069814b3938a13f7b56b4ebf1351f93c2ac581
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e889c67b457d05180da6ab50e8b9d366079af8d2a3f12c10e98f17efac9a7e0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87227B706083019FC714DF14C985B2ABBF1BF89314F28896DF49A8B362D775E945CB92
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetOpenFileNameW.COMDLG32(?), ref: 00A62C8C
                                                                                                                                                                                                                            • Part of subcall function 00A23AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A23A97,?,?,00A22E7F,?,?,?,00000000), ref: 00A23AC2
                                                                                                                                                                                                                            • Part of subcall function 00A22DA5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A22DC4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                          • String ID: X
                                                                                                                                                                                                                          • API String ID: 779396738-3081909835
                                                                                                                                                                                                                          • Opcode ID: 7188ece5a5549476c80c1fcc40cee93f883c9b3bd222907da275af8687fb0694
                                                                                                                                                                                                                          • Instruction ID: 40f300e9b4410ea10d095d08e28e332a350eed261430a9c864367414f492913a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7188ece5a5549476c80c1fcc40cee93f883c9b3bd222907da275af8687fb0694
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E421A871A002989FCF05EF98D945BEE7BF89F59314F004069E405B7241DBB856498FA1
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A23908
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: IconNotifyShell_
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1144537725-0
                                                                                                                                                                                                                          • Opcode ID: e6a5bb1afe6daf7535db798e741fabd40b489479fdb09349ddd75c79ed43de6c
                                                                                                                                                                                                                          • Instruction ID: 1ccf87362cf5991a7414edddbdb8cc7813819ec7053525c9269aa3c974817d89
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6a5bb1afe6daf7535db798e741fabd40b489479fdb09349ddd75c79ed43de6c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC31D571604311CFD760DFA8D884BA7BBF4FB4A318F00092EF5998B250E775AA45CB52
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • timeGetTime.WINMM ref: 00A3F661
                                                                                                                                                                                                                            • Part of subcall function 00A2D730: GetInputState.USER32 ref: 00A2D807
                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 00A7F2DE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4149333218-0
                                                                                                                                                                                                                          • Opcode ID: 0acffcf4367f19659e8d2eb4b9946429f1d9f19ace6493b0418cd015925b299f
                                                                                                                                                                                                                          • Instruction ID: 45e2d75c57bb743b12ca4e5958dc5f013dc158e61064edba73a86dcc8757533e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0acffcf4367f19659e8d2eb4b9946429f1d9f19ace6493b0418cd015925b299f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AF08C31240615AFD310EF69E949F6AB7E8EF45760F00413AE85ACB262DB70A800CBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A24E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A24EDD,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24E9C
                                                                                                                                                                                                                            • Part of subcall function 00A24E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A24EAE
                                                                                                                                                                                                                            • Part of subcall function 00A24E90: FreeLibrary.KERNEL32(00000000,?,?,00A24EDD,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24EC0
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24EFD
                                                                                                                                                                                                                            • Part of subcall function 00A24E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A63CDE,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24E62
                                                                                                                                                                                                                            • Part of subcall function 00A24E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A24E74
                                                                                                                                                                                                                            • Part of subcall function 00A24E59: FreeLibrary.KERNEL32(00000000,?,?,00A63CDE,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24E87
                                                                                                                                                                                                                          Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 3af8f5e76e278fc740b0994d5ffe35e5a7e010109ce02234b92202ae952c62c6
• Instruction ID: 4d93be70482f0cc0f3055f69a4051fa2fbe0f603c748699b2517a8cdd2945212
• Opcode Fuzzy Hash: 3af8f5e76e278fc740b0994d5ffe35e5a7e010109ce02234b92202ae952c62c6
• Instruction Fuzzy Hash: 0011CA32610225AADF14FF78EE02FED77A5AF98B10F10843DF542A61D1DE709E459B50
APIs
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: 8a65d21d7e2a52503c54b1b5ecebe7ca65a71d1593face82f5a5071f7adc8921
• Instruction ID: bb407a360f1c17b374abddb935878a36ccd7a66e3e018613fd74af28f2846ae2
• Opcode Fuzzy Hash: 8a65d21d7e2a52503c54b1b5ecebe7ca65a71d1593face82f5a5071f7adc8921
• Instruction Fuzzy Hash: B811187590410AAFCB05DF58E94199B7BF9FF48315F104059FC09AB312DA31DA15CBA5
APIs
  • Part of subcall function 00A54C7D: RtlAllocateHeap.NTDLL(00000008,00A21129,00000000,?,00A52E29,00000001,00000364,?,?,?,00A4F2DE,00A53863,00AF1444,?,00A3FDF5,?), ref: 00A54CBE
• _free.LIBCMT ref: 00A5506C
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
• Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction ID: 9a84987e5888728e72471f4dfee63733de0eca72d461a1d294ad94d77b539cf4
• Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
• Instruction Fuzzy Hash: 12014E726047045FE3318F65D841A5AFBECFBC9371F25052DE984932C0E6306909C774
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
• Instruction ID: 96e484bf5051a886452ad9f32bf11c223cac8b2c8ba7ae8caf5681c8f677a983
• Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
• Instruction Fuzzy Hash: 27F0783A500A109AC7317B798E05B9BB39CBFD2332F110B15FC20A32C2CB74D80586A5
APIs
• RtlAllocateHeap.NTDLL(00000008,00A21129,00000000,?,00A52E29,00000001,00000364,?,?,?,00A4F2DE,00A53863,00AF1444,?,00A3FDF5,?), ref: 00A54CBE
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 9d9ba78eb66a37c1815927f2227a2b35bfd1425fa3b9586b236f631c0de51685
• Instruction ID: 041ebdc64d27677b6711cf88444ad9927df073faf8c7931ef07396dc6ca68e12
• Opcode Fuzzy Hash: 9d9ba78eb66a37c1815927f2227a2b35bfd1425fa3b9586b236f631c0de51685
• Instruction Fuzzy Hash: 64F0E93160733467DB215F639D05F5A3798BFC97BAB144211BC15AB292CA70D84986E0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00AF1444,?,00A3FDF5,?,?,00A2A976,00000010,00AF1440,00A213FC,?,00A213C6,?,00A21129), ref: 00A53852
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 739fbafaa1de76394ea19fcf77775c0f3450aac8d099428a169c83d57957867e
• Instruction ID: c63657b3b41879761dfbe76be9ce01882d827a450d09d85dea71c4cb6ade6544
• Opcode Fuzzy Hash: 739fbafaa1de76394ea19fcf77775c0f3450aac8d099428a169c83d57957867e
• Instruction Fuzzy Hash: 80E0E537102224B6DE352BB79D01B9A3658BBD27F2F050121BC14A7491CB71DD0581E0
APIs
• FreeLibrary.KERNEL32(?,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24F6D
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3664257935-0
                                                                                                                                                                                                                          • Opcode ID: f9c286ac79c0d95024a1e76709ebfc3a5ea9d5142adfa7fa0e780a1b2ca26735
                                                                                                                                                                                                                          • Instruction ID: be0eafc8090c47c5dc86babb7ce0b5e134c24c2065f44a620d2d10227ab07520
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9c286ac79c0d95024a1e76709ebfc3a5ea9d5142adfa7fa0e780a1b2ca26735
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EF03071105761CFDB349F68E690812B7F4FF587293108A7EE5EA82521C7319844DF10
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(00000000), ref: 00AB2A66
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2353593579-0
                                                                                                                                                                                                                          • Opcode ID: aba6d69c2bbf1f0d2a8c0c599d3224689ffe21112fc6bcd6f7029fc4456f89a7
                                                                                                                                                                                                                          • Instruction ID: a64740b2bfced92b8035cb032e491cf855ed6b419f971af1fdc9c554b1af5b6f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aba6d69c2bbf1f0d2a8c0c599d3224689ffe21112fc6bcd6f7029fc4456f89a7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32E04F36390116AACB14EB30DC909FA775CEF543D5710453BEC26C2111DB30999687A0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A2314E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: IconNotifyShell_
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1144537725-0
                                                                                                                                                                                                                          • Opcode ID: 73bf1168f1eeb6b47662b03333bbb683b599180d4e005ac6736087827c8cfa9a
                                                                                                                                                                                                                          • Instruction ID: f18248246871f10493904f3e0279bfe6bbd30de1af124d97d9d85024ddf2d5a2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 73bf1168f1eeb6b47662b03333bbb683b599180d4e005ac6736087827c8cfa9a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FF037719143189FEB92DFA4DC4ABE57BBCA701708F0001E5A5489A192D7745B89CF51
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00A22DC4
                                                                                                                                                                                                                            • Part of subcall function 00A26B57: _wcslen.LIBCMT ref: 00A26B6A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 541455249-0
                                                                                                                                                                                                                          • Opcode ID: 461574be977332e12d4c7253790510def9cd9f9f44d91333d2672a685a6ce294
                                                                                                                                                                                                                          • Instruction ID: c6bec2ac073f3a8be8b0cb2137f63d7f5a539c3f1d6e4aecd89ada48941bbcd2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 461574be977332e12d4c7253790510def9cd9f9f44d91333d2672a685a6ce294
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09E0CD726001245BC720E2989C05FDA77EDDFC8794F040172FD09D7258D960AD808550
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A23837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00A23908
                                                                                                                                                                                                                            • Part of subcall function 00A2D730: GetInputState.USER32 ref: 00A2D807
                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00A22B6B
                                                                                                                                                                                                                            • Part of subcall function 00A230F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00A2314E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3667716007-0
                                                                                                                                                                                                                          • Opcode ID: f40b8444d7d65a2dfe2669f01a32fedb4afd585f9691ef697996454b3004b688
                                                                                                                                                                                                                          • Instruction ID: 656d93a3eb03625250c6c0ec2101ba00218fa4f2e7484ebd924503bbd796e6ef
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f40b8444d7d65a2dfe2669f01a32fedb4afd585f9691ef697996454b3004b688
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7EE0262230422806CA04FBBCB91257DA3499BD2312F40053EF14247163CE2845468362
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateFileW.KERNELBASE(00000000,00000000,?,00A60704,?,?,00000000,?,00A60704,00000000,0000000C), ref: 00A603B7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 823142352-0
                                                                                                                                                                                                                          • Opcode ID: c31d3325a10421aaf38b6d96b0a2d184d27d498f8a82e47b7293cd9eeaeda0f0
                                                                                                                                                                                                                          • Instruction ID: 80cc298b8e5986c8d11e7afaf5753ec1022d6d85bf01a3d0cd9aca2914f7342a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c31d3325a10421aaf38b6d96b0a2d184d27d498f8a82e47b7293cd9eeaeda0f0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DED06C3204010DBBDF028F84ED06EDA3BAAFB48714F014100BE1866021C732E832AB90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00A21CBC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InfoParametersSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3098949447-0
                                                                                                                                                                                                                          • Opcode ID: 59bc421b9b53ddb2b398b761d933a618c847df8d075222ff8c28fb550737522c
                                                                                                                                                                                                                          • Instruction ID: bc55fb1a7eec83695cf77cdcf052e87a90582e959521c0546413c12d6066227f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59bc421b9b53ddb2b398b761d933a618c847df8d075222ff8c28fb550737522c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CC092362C0305EFF224CBC0BC4EF207764A348B14F048201F609AA5F3C3A22822EB60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00AB961A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00AB965B
                                                                                                                                                                                                                          • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00AB969F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AB96C9
                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00AB96F2
                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00AB978B
                                                                                                                                                                                                                          • GetKeyState.USER32(00000009), ref: 00AB9798
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00AB97AE
                                                                                                                                                                                                                          • GetKeyState.USER32(00000010), ref: 00AB97B8
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00AB97E9
                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00AB9810
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001030,?,00AB7E95), ref: 00AB9918
                                                                                                                                                                                                                          • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00AB992E
                                                                                                                                                                                                                          • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00AB9941
                                                                                                                                                                                                                          • SetCapture.USER32(?), ref: 00AB994A
                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00AB99AF
                                                                                                                                                                                                                          • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00AB99BC
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00AB99D6
                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 00AB99E1
                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00AB9A19
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00AB9A26
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00AB9A80
                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00AB9AAE
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00AB9AEB
                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00AB9B1A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00AB9B3B
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00AB9B4A
                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00AB9B68
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00AB9B75
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00AB9B93
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001012,00000000,?), ref: 00AB9BFA
                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00AB9C2B
                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00AB9C84
                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00AB9CB4
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00AB9CDE
                                                                                                                                                                                                                          • SendMessageW.USER32 ref: 00AB9D01
                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00AB9D4E
                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00AB9D82
                                                                                                                                                                                                                            • Part of subcall function 00A39944: GetWindowLongW.USER32(?,000000EB), ref: 00A39952
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00AB9E05
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                          • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                          • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                          • Opcode ID: 404fcefe701cee680a22a59ebd9729a5506281e54d207bcc4a377e9eb0991a6b
                                                                                                                                                                                                                          • Instruction ID: f0006bee26c11c4a412d28284e94deef8d6acf06c84e10792ad1482234adb336
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 404fcefe701cee680a22a59ebd9729a5506281e54d207bcc4a377e9eb0991a6b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14428A34204251AFDB24CF68CC94EABBBE9FF49320F104619F699872B2D771E851DB91
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00AB48F3
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00AB4908
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00AB4927
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00AB494B
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00AB495C
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00AB497B
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00AB49AE
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00AB49D4
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00AB4A0F
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00AB4A56
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00AB4A7E
                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00AB4A97
                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AB4AF2
                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00AB4B20
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00AB4B94
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00AB4BE3
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00AB4C82
                                                                                                                                                                                                                          • wsprintfW.USER32 ref: 00AB4CAE
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AB4CC9
                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00AB4CF1
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00AB4D13
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AB4D33
                                                                                                                                                                                                                          • GetWindowTextW.USER32(?,00000000,00000001), ref: 00AB4D5A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                          • String ID: %d/%02d/%02d
                                                                                                                                                                                                                          • API String ID: 4054740463-328681919
                                                                                                                                                                                                                          • Opcode ID: d5b95fcd29aeff88ffbb4060880f1b31566bb10d7eee9d88cceb58aaff697600
                                                                                                                                                                                                                          • Instruction ID: 51c63972e2dffa5224d668e7bacfcc48e3b6a31f3ecb5b839e113f08bf50e634
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5b95fcd29aeff88ffbb4060880f1b31566bb10d7eee9d88cceb58aaff697600
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D12AC71600254ABEB258F68CD49FEE7BB8EF49710F104229F516EB2A3DB789941CB50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00A3F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A7F474
• IsIconic.USER32(00000000), ref: 00A7F47D
• ShowWindow.USER32(00000000,00000009), ref: 00A7F48A
• SetForegroundWindow.USER32(00000000), ref: 00A7F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A7F4AA
• GetCurrentThreadId.KERNEL32 ref: 00A7F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00A7F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00A7F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00A7F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00A7F4DE
• SetForegroundWindow.USER32(00000000), ref: 00A7F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00A7F4F6
• keybd_event.USER32(00000012,00000000), ref: 00A7F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00A7F50B
• keybd_event.USER32(00000012,00000000), ref: 00A7F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00A7F519
• keybd_event.USER32(00000012,00000000), ref: 00A7F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00A7F528
• keybd_event.USER32(00000012,00000000), ref: 00A7F52D
• SetForegroundWindow.USER32(00000000), ref: 00A7F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 00A7F557
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: f2400869f884ff2dc20044b54b5097836d7a8267d02d8c02e48dc7364ea9b28e
• Instruction ID: b28d99789175cd78503703a719b81e74b6cf671c4b5d21d14394fa4ff45a320e
• Opcode Fuzzy Hash: f2400869f884ff2dc20044b54b5097836d7a8267d02d8c02e48dc7364ea9b28e
• Instruction Fuzzy Hash: 1B316871A802187FEB30ABF59C49FBF7E7CEB44B60F104165FA05E61E2D6B15D01AA60
APIs
  • Part of subcall function 00A816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A8170D
  • Part of subcall function 00A816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A8173A
  • Part of subcall function 00A816C3: GetLastError.KERNEL32 ref: 00A8174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00A81286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00A812A8
• CloseHandle.KERNEL32(?), ref: 00A812B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00A812D1
• GetProcessWindowStation.USER32 ref: 00A812EA
• SetProcessWindowStation.USER32(00000000), ref: 00A812F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00A81310
  • Part of subcall function 00A810BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A811FC), ref: 00A810D4
  • Part of subcall function 00A810BF: CloseHandle.KERNEL32(?,?,00A811FC), ref: 00A810E9
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
• Opcode ID: 929478f2e63a16123a93c7c64848f0fb1fade13a49aa9507f26d85ad57d442a6
• Instruction ID: 043f4cd54e187342da650a9292205a44e7ba81ab2ed69116f96230c2f0b0f197
• Opcode Fuzzy Hash: 929478f2e63a16123a93c7c64848f0fb1fade13a49aa9507f26d85ad57d442a6
• Instruction Fuzzy Hash: A18179B1A00209ABDF21EFA4DD49FEE7BBDFF04714F144229F911A61A1D7318946CB20
APIs
  • Part of subcall function 00A810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A81114
  • Part of subcall function 00A810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A80B9B,?,?,?), ref: 00A81120
  • Part of subcall function 00A810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A80B9B,?,?,?), ref: 00A8112F
  • Part of subcall function 00A810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A80B9B,?,?,?), ref: 00A81136
  • Part of subcall function 00A810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A8114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A80BCC
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A80C00
• GetLengthSid.ADVAPI32(?), ref: 00A80C17
• GetAce.ADVAPI32(?,00000000,?), ref: 00A80C51
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A80C6D
• GetLengthSid.ADVAPI32(?), ref: 00A80C84
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A80C8C
• HeapAlloc.KERNEL32(00000000), ref: 00A80C93
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A80CB4
• CopySid.ADVAPI32(00000000), ref: 00A80CBB
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A80CEA
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A80D0C
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A80D1E
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A80D45
• HeapFree.KERNEL32(00000000), ref: 00A80D4C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A80D55
• HeapFree.KERNEL32(00000000), ref: 00A80D5C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A80D65
• HeapFree.KERNEL32(00000000), ref: 00A80D6C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00A80D78
• HeapFree.KERNEL32(00000000), ref: 00A80D7F
  • Part of subcall function 00A81193: GetProcessHeap.KERNEL32(00000008,00A80BB1,?,00000000,?,00A80BB1,?), ref: 00A811A1
  • Part of subcall function 00A81193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A80BB1,?), ref: 00A811A8
  • Part of subcall function 00A81193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A80BB1,?), ref: 00A811B7
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
                                                                                                                                                                                                                          • Opcode ID: 92aa71e7dae9fde356fd340a646826704656acac616b0f5ba8d027823e2b5a3c
                                                                                                                                                                                                                          • Instruction ID: f65fbca390b2d712c14b7879afcc0d390141532a24a43445fc4887f2a41a2a0d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92aa71e7dae9fde356fd340a646826704656acac616b0f5ba8d027823e2b5a3c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E715CB290021AAFDF50EFE4DC44FAEBBB8BF04310F144615F915A71A2D771A90ACB60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenClipboard.USER32(00ABCC08), ref: 00A9EB29
                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000D), ref: 00A9EB37
                                                                                                                                                                                                                          • GetClipboardData.USER32(0000000D), ref: 00A9EB43
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 00A9EB4F
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00A9EB87
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 00A9EB91
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00A9EBBC
                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(00000001), ref: 00A9EBC9
                                                                                                                                                                                                                          • GetClipboardData.USER32(00000001), ref: 00A9EBD1
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00A9EBE2
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00A9EC22
                                                                                                                                                                                                                          • IsClipboardFormatAvailable.USER32(0000000F), ref: 00A9EC38
                                                                                                                                                                                                                          • GetClipboardData.USER32(0000000F), ref: 00A9EC44
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00A9EC55
                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00A9EC77
                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A9EC94
                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00A9ECD2
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00A9ECF3
                                                                                                                                                                                                                          • CountClipboardFormats.USER32 ref: 00A9ED14
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 00A9ED59
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 420908878-0
                                                                                                                                                                                                                          • Opcode ID: 1d682192d25232b2ad691382853c95cc91951666c96eea811072fe863d972d30
                                                                                                                                                                                                                          • Instruction ID: f31c6f0937071ed7c776d5dd7c1509da0f698b54b12f2ef8e346c17df3289deb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d682192d25232b2ad691382853c95cc91951666c96eea811072fe863d972d30
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0761E235204202AFDB00EF68D895F6A77E8EF84724F04462DF4569B2A3DB31DD46CB62
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00A969BE
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00A96A12
                                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A96A4E
                                                                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00A96A75
                                                                                                                                                                                                                            • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A96AB2
                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00A96ADF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                                                                                                                          • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                                                                                                                          • API String ID: 3830820486-3289030164
                                                                                                                                                                                                                          • Opcode ID: bd6a6cc5ce70275041d18900562c8a2af9e6d20fde4454c734383e117e2b4d84
                                                                                                                                                                                                                          • Instruction ID: 08358028f5fe9614ff0b7c3c560e384d9a32802f0569ff90462887beac9f0e93
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bd6a6cc5ce70275041d18900562c8a2af9e6d20fde4454c734383e117e2b4d84
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3D150B1508350AFC714EBA4DA91EAFB7ECBF88704F44492DF585C6191EB34DA44CB62
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00A99663
                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?), ref: 00A996A1
                                                                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,?), ref: 00A996BB
                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00A996D3
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00A996DE
                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(*.*,?), ref: 00A996FA
                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(?), ref: 00A9974A
                                                                                                                                                                                                                          • SetCurrentDirectoryW.KERNEL32(00AE6B7C), ref: 00A99768
                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010), ref: 00A99772
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00A9977F
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00A9978F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                          • API String ID: 1409584000-438819550
                                                                                                                                                                                                                          • Opcode ID: 259a17af48b3b0f7dc0b6aa417f53f73fd432df1e3bbc8cef5687f2fbe98d825
                                                                                                                                                                                                                          • Instruction ID: 01016f6188b2d0564e53e5005c645af4a926cf046725564b848f2383a4ff1d1d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 259a17af48b3b0f7dc0b6aa417f53f73fd432df1e3bbc8cef5687f2fbe98d825
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C631BD326406197BDF14EFF9DC48EDF77ECAF49320F14466AE905E21A1EB70DA418A20
                                                                                                                                                                                                                          APIs
• FindFirstFileW.KERNEL32(?,?,771A8FB0,?,00000000), ref: 00A997BE
• FindNextFileW.KERNEL32(00000000,?), ref: 00A99819
• FindClose.KERNEL32(00000000), ref: 00A99824
• FindFirstFileW.KERNEL32(*.*,?), ref: 00A99840
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A99890
• SetCurrentDirectoryW.KERNEL32(00AE6B7C), ref: 00A998AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00A998B8
• FindClose.KERNEL32(00000000), ref: 00A998C5
• FindClose.KERNEL32(00000000), ref: 00A998D5
  • Part of subcall function 00A8DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00A8DB00
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: be18bec40267d4b7a680f7f0c23c81e69b5dbae090ad8b3def6443dac9898b0a
• Instruction ID: 1411a331067d1903480504d8c2c1197ef1d3db0fde6732a04e02979a235f4fac
• Opcode Fuzzy Hash: be18bec40267d4b7a680f7f0c23c81e69b5dbae090ad8b3def6443dac9898b0a
• Instruction Fuzzy Hash: 2631C3326406197BDF10EFB9DC48EDF77ECAF46320F14865EE814A21A1EB70D9858A60
APIs
  • Part of subcall function 00AAC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AAB6AE,?,?), ref: 00AAC9B5
  • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AAC9F1
  • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AACA68
  • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AABF3E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00AABFA9
• RegCloseKey.ADVAPI32(00000000), ref: 00AABFCD
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00AAC02C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00AAC0E7
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00AAC154
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00AAC1E9
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00AAC23A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00AAC2E3
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00AAC382
• RegCloseKey.ADVAPI32(00000000), ref: 00AAC38F
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
• Opcode ID: db5cfb43b1235717b0d71cda0212cbc8c8613eb37597d906bd5795ee6bc12a68
• Instruction ID: cd30e5e97692e0b2011a76a131022f0d178ce523b2d33f2eb65baf1d12e50061
• Opcode Fuzzy Hash: db5cfb43b1235717b0d71cda0212cbc8c8613eb37597d906bd5795ee6bc12a68
• Instruction Fuzzy Hash: 6B025D71604210AFD714DF28C991E2ABBE5EF49314F1884ADF84ADF2A2D731ED45CB61
APIs
• GetLocalTime.KERNEL32(?), ref: 00A98257
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00A98267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A98273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A98310
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A98324
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A98356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A9838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A98395
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: ffc2da28af860427c8329f6839bd5db108ec3644e02b6d6dec62ace8712244f7
• Instruction ID: 6587dc5ad65abb7d2fc383e730f5ab7d494ae29306328517e5ab91b2e7375f9d
• Opcode Fuzzy Hash: ffc2da28af860427c8329f6839bd5db108ec3644e02b6d6dec62ace8712244f7
• Instruction Fuzzy Hash: 11617A766043059FCB10EF64D9809AFB3E8FF89320F04492EF99997251DB35E905CB92
APIs
  • Part of subcall function 00A23AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A23A97,?,?,00A22E7F,?,?,?,00000000), ref: 00A23AC2
  • Part of subcall function 00A8E199: GetFileAttributesW.KERNEL32(?,00A8CF95), ref: 00A8E19A
• FindFirstFileW.KERNEL32(?,?), ref: 00A8D122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00A8D1DD
• MoveFileW.KERNEL32(?,?), ref: 00A8D1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00A8D20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00A8D237
  • Part of subcall function 00A8D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00A8D21C,?,?), ref: 00A8D2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 00A8D253
• FindClose.KERNEL32(00000000), ref: 00A8D264
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 7b4f9819150b7c6b55625e0ceeaab5bb52d7e0bdbc02e4c56283c308716adf29
• Instruction ID: 0872783626665757742618f5e2ee77d0d854093df8840f876cb89cca80b84006
• Opcode Fuzzy Hash: 7b4f9819150b7c6b55625e0ceeaab5bb52d7e0bdbc02e4c56283c308716adf29
• Instruction Fuzzy Hash: F6614B31C0111DABCF05FBE4EA929EEB7B5AF55300F244169E406771A2EB31AF09DB61
APIs
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 6e7befe4d8377e2ec62b1f51ac8b7c730bb5471ba0379adea4d111a429b1fae0
• Instruction ID: 87a2290f8288f11197beabd83579815f7314d6979d69a42e49691f259b7e0476
• Opcode Fuzzy Hash: 6e7befe4d8377e2ec62b1f51ac8b7c730bb5471ba0379adea4d111a429b1fae0
• Instruction Fuzzy Hash: 4F418D35604611AFEB20DF59E888F19BBE5FF44328F14C199E4158B663C735EC42CB90
APIs
  • Part of subcall function 00A816C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A8170D
  • Part of subcall function 00A816C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A8173A
  • Part of subcall function 00A816C3: GetLastError.KERNEL32 ref: 00A8174A
• ExitWindowsEx.USER32(?,00000000), ref: 00A8E932
Strings
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 651059d8df619a6ece809c4ffdb938db8efaea9bfcd1e9a345cbd4ff79328fd9
• Instruction ID: b33ba674266f468892d24bca9be28bc7e33836ce5ced72d68df5b135f3806f5d
• Opcode Fuzzy Hash: 651059d8df619a6ece809c4ffdb938db8efaea9bfcd1e9a345cbd4ff79328fd9
• Instruction Fuzzy Hash: E701F972610211EBEB64B7B49C86FBFB26CA714760F154921FC13E21E2E6E09C4183A0
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00AA1276
• WSAGetLastError.WSOCK32 ref: 00AA1283
• bind.WSOCK32(00000000,?,00000010), ref: 00AA12BA
• WSAGetLastError.WSOCK32 ref: 00AA12C5
• closesocket.WSOCK32(00000000), ref: 00AA12F4
• listen.WSOCK32(00000000,00000005), ref: 00AA1303
• WSAGetLastError.WSOCK32 ref: 00AA130D
• closesocket.WSOCK32(00000000), ref: 00AA133C
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 090c840d47945e6ec8d162c6642dc6aa7ff11500e340e2582125e747253b728f
• Instruction ID: dd6070e29a5114cfd4b0bf81b78298ae441969e012c20bd97a675bd1c7e9ec9a
• Opcode Fuzzy Hash: 090c840d47945e6ec8d162c6642dc6aa7ff11500e340e2582125e747253b728f
• Instruction Fuzzy Hash: BF418431600210AFD710DF68D584B69BBE5AF46328F188198D8569F2E3C771ED86CBE1
APIs
• _free.LIBCMT ref: 00A5B9D4
• _free.LIBCMT ref: 00A5B9F8
• _free.LIBCMT ref: 00A5BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AC3700), ref: 00A5BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,00AF121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A5BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00AF1270,000000FF,?,0000003F,00000000,?), ref: 00A5BC36
• _free.LIBCMT ref: 00A5BD4B
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: 881945b6cd8b23e1624a407502fec1c83fc0389396be0e73e53db4a08375852d
• Instruction ID: 1a4e831b50604911ef63ff63d6b1d5a924e7d97f981f93c20c62dcfb0f426d7d
• Opcode Fuzzy Hash: 881945b6cd8b23e1624a407502fec1c83fc0389396be0e73e53db4a08375852d
• Instruction Fuzzy Hash: 96C12971914204EFCB10DFA88D41BAA7BB8FF45363F1441AAED90DB252E7308E49C760
APIs
  • Part of subcall function 00A23AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A23A97,?,?,00A22E7F,?,?,?,00000000), ref: 00A23AC2
  • Part of subcall function 00A8E199: GetFileAttributesW.KERNEL32(?,00A8CF95), ref: 00A8E19A
• FindFirstFileW.KERNEL32(?,?), ref: 00A8D420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00A8D470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00A8D481
• FindClose.KERNEL32(00000000), ref: 00A8D498
• FindClose.KERNEL32(00000000), ref: 00A8D4A1
Strings
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 542e985f795ff5093c0825a834b47e98ff5ea9e57a9621cf568b98c8fc76824a
• Instruction ID: b1d1f66a9f1b4c8598684ed0dd89b0f4cdaacd6f32e81a1d32a3c804a094776b
• Opcode Fuzzy Hash: 542e985f795ff5093c0825a834b47e98ff5ea9e57a9621cf568b98c8fc76824a
• Instruction Fuzzy Hash: 9C317031008355ABC704FF64D9518AFB7E8BEA1310F444E2DF4D5531A2EB30AA09CB63
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 5233667b9b29c0dac61efe0ace9dae6e907e4a845cf43b4bcfdca5cf83b417a0
• Instruction ID: c0a0021447d865162a4ee723867d0aac640d5a7d9e6ac52e7c0d27d0b74bcb3e
• Opcode Fuzzy Hash: 5233667b9b29c0dac61efe0ace9dae6e907e4a845cf43b4bcfdca5cf83b417a0
• Instruction Fuzzy Hash: 15C22971E046288FDB29CF289D407EAB7B5FB48306F1541EAD84DE7241E775AE898F40
APIs
• _wcslen.LIBCMT ref: 00A964DC
• CoInitialize.OLE32(00000000), ref: 00A96639
• CoCreateInstance.OLE32(00ABFCF8,00000000,00000001,00ABFB68,?), ref: 00A96650
• CoUninitialize.OLE32 ref: 00A968D4
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CreateInitializeInstanceUninitialize_wcslen
• String ID: .lnk
• API String ID: 886957087-24824748
• Opcode ID: 26bb3ceb41b605c51f3e73dac4ea84c447cc8e076120cc1f5cad5f77ed1f1ba2
• Instruction ID: 23c37660288c812ce1a19c871e9862f6ee37259585af80e809b4c98c196ad2ec
• Opcode Fuzzy Hash: 26bb3ceb41b605c51f3e73dac4ea84c447cc8e076120cc1f5cad5f77ed1f1ba2
• Instruction Fuzzy Hash: CFD14871608211AFC704EF28D991D6BB7E9FF98704F04496DF5958B2A1DB30EE09CB92
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 00AA22E8
  • Part of subcall function 00A9E4EC: GetWindowRect.USER32(?,?), ref: 00A9E504
• GetDesktopWindow.USER32 ref: 00AA2312
• GetWindowRect.USER32(00000000), ref: 00AA2319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00AA2355
• GetCursorPos.USER32(?), ref: 00AA2381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00AA23DF
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 9ae96098a84b3c0f8e70670d4083282da1623441a492b0920853e76154ab321f
• Instruction ID: 9e823680236635e60fd59c0422ae350d307bd5e17fd71c9981de7ae6dae45e60
• Opcode Fuzzy Hash: 9ae96098a84b3c0f8e70670d4083282da1623441a492b0920853e76154ab321f
• Instruction Fuzzy Hash: 9631E272504315AFCB20DF58C845F5BB7A9FF86710F000A19F9859B191DB34E919CBA2
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00A99B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00A99C8B
  • Part of subcall function 00A93874: GetInputState.USER32 ref: 00A938CB
  • Part of subcall function 00A93874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A93966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00A99BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00A99C75
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: e1d0713d321e9e4c56cfd93fc387131a06d5fa492dff9434b50c5552997fc283
• Instruction ID: 9dafe798f524061c42ff2ca445bcffc1a2eed8ac04efd4a18d8fc159475410a1
• Opcode Fuzzy Hash: e1d0713d321e9e4c56cfd93fc387131a06d5fa492dff9434b50c5552997fc283
• Instruction Fuzzy Hash: 96415E71A0021AAFCF54DFA8DD85AEEBBF8EF05310F14456AE405A6191EB309E44CB61
APIs
  • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00A39A4E
• GetSysColor.USER32(0000000F), ref: 00A39B23
• SetBkColor.GDI32(?,00000000), ref: 00A39B36
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 7f840e09ad92d31042b16c0829233136e48ff9ab11a7764b7ac99eecdbbcbbff
• Instruction ID: 8f826aea2e7e2d127cb47d5ced3cfc55afa5f4653a851e1c56a110a1aca79be9
• Opcode Fuzzy Hash: 7f840e09ad92d31042b16c0829233136e48ff9ab11a7764b7ac99eecdbbcbbff
• Instruction Fuzzy Hash: E1A14B71608504EEE728EB7C8D99EBF36ADDB42380F14C309F106C6696CAA59D02D272
APIs
  • Part of subcall function 00AA304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00AA307A
  • Part of subcall function 00AA304E: _wcslen.LIBCMT ref: 00AA309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00AA185D
• WSAGetLastError.WSOCK32 ref: 00AA1884
• bind.WSOCK32(00000000,?,00000010), ref: 00AA18DB
• WSAGetLastError.WSOCK32 ref: 00AA18E6
• closesocket.WSOCK32(00000000), ref: 00AA1915
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
• Opcode ID: 26a846d7ae494a8f9886eefe0916cb42c09f2fa07ed002a8b8e870b8a22cbdc2
• Instruction ID: 471ee7db56bd126ff765dbb65cdf888dffd5c3e2c5433bb0cd7482fbb6c90f38
• Opcode Fuzzy Hash: 26a846d7ae494a8f9886eefe0916cb42c09f2fa07ed002a8b8e870b8a22cbdc2
• Instruction Fuzzy Hash: 4A51B271A00210AFDB10EF68D986F6A77E5AB49718F048058F9066F3D3D775AD42CBE1
APIs
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: 48fb52d803d0840574da073f9cfd9a8a65e57828f78f76804034b3ec17e20bd9
• Instruction ID: 735bc4e10ea5582d29849d6f9445a55f6ee987c1dcd7ab06e5e0d53b7a60aa16
• Opcode Fuzzy Hash: 48fb52d803d0840574da073f9cfd9a8a65e57828f78f76804034b3ec17e20bd9
• Instruction Fuzzy Hash: B42194317402115FD7208F1AD864FAA7FA9EF86364F598068E845CB253D771DD42CB90
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
• Opcode ID: a6b8b1afe949e01471f1128235fe462a5dafcd9324159a95b293c69978358759
• Instruction ID: 6c473b9f0a1334d2086862aa1c19bb57d2fe9e8ad7ba543ba1a9631a516ddbd9
• Opcode Fuzzy Hash: a6b8b1afe949e01471f1128235fe462a5dafcd9324159a95b293c69978358759
• Instruction Fuzzy Hash: E2A27171E0162ACBDF24CF68D9507EDB7B1BF54310F2481AAE815AB285EB749D81CF90
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00A8AAAC
• SetKeyboardState.USER32(00000080), ref: 00A8AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00A8AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00A8AB88
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: dc5a0154161eaddd9cafc58fe494c1ae00abe722b4c8334dc8233e4595cbaea7
• Instruction ID: 4682a6fe6cffbd73ae08e27c634338e7629a73f128bda73b49b4e9377244ffbb
• Opcode Fuzzy Hash: dc5a0154161eaddd9cafc58fe494c1ae00abe722b4c8334dc8233e4595cbaea7
• Instruction Fuzzy Hash: 99310870A40648AEFF35EB64CC09BFA7BA6EB64320F04421BF5C1565E1D3758D91C762
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 00A9CE89
• GetLastError.KERNEL32(?,00000000), ref: 00A9CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 00A9CEFE
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 0791890b794534da0dc0c775cfc2c8a47d1173eda81923bef5673c538d8b3e6d
• Instruction ID: 4735c87e7be77baf8a5565fffa2308cd3081a2c7823a1d6e154ed2e6715308bf
• Opcode Fuzzy Hash: 0791890b794534da0dc0c775cfc2c8a47d1173eda81923bef5673c538d8b3e6d
• Instruction Fuzzy Hash: CB21ACB1600B05ABEF20DFA5C988BA7B7FCEB50364F10482EE546D2152E770EE058B60
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 00A882AA
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                                                          • String ID: ($|
                                                                                                                                                                                                                          • API String ID: 1659193697-1631851259
                                                                                                                                                                                                                          • Opcode ID: b0310fac687d111a9ed8c987b8e787702b960c88e992a3613d54774bec50a16b
                                                                                                                                                                                                                          • Instruction ID: b845948e58c15b4e09fe665228b5bcaa1c95cf1ddd6d62f579f6adab98a087f0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0310fac687d111a9ed8c987b8e787702b960c88e992a3613d54774bec50a16b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89323474A006059FCB28DF59C480AAAB7F0FF48710B55C56EE49ADB3A1EB74E981CB40
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00A95CC1
                                                                                                                                                                                                                          • FindNextFileW.KERNEL32(00000000,?), ref: 00A95D17
                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 00A95D5F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3541575487-0
                                                                                                                                                                                                                          • Opcode ID: 1de76ee696e7bd0d86c6a1297021078b98a32dd53e4d7a4c73ae041bbdaa7183
                                                                                                                                                                                                                          • Instruction ID: 85502605f4a9b7f5ae35381d8bb5de792db4efdf82f583d3d1f93febdaae1da4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1de76ee696e7bd0d86c6a1297021078b98a32dd53e4d7a4c73ae041bbdaa7183
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00518B34B046019FCB14DF28D495E9AB7E4FF49324F14855DE95A8B3A2DB30ED05CB91
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 00A5271A
                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00A52724
                                                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00A52731
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                                                                          • Opcode ID: ad81d3db5aeec2af8c1e83cd92c9b8e7efa431a85d2196fd2bc6c83883086bd1
                                                                                                                                                                                                                          • Instruction ID: 2e056aee859652f8bead19cbe5f92b85941be3ff41305fcf91c47fd1d651b85c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad81d3db5aeec2af8c1e83cd92c9b8e7efa431a85d2196fd2bc6c83883086bd1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F31B5759112189BCB21DF64DD89BDDB7B8BF48310F5042EAE81CA7261E7309F858F45
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001), ref: 00A951DA
                                                                                                                                                                                                                          • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00A95238
                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000), ref: 00A952A1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1682464887-0
                                                                                                                                                                                                                          • Opcode ID: c9d71c558a1a3c9b2de82e9fb248e19d9b7ee53b73a403580efbdb6dd4b65976
                                                                                                                                                                                                                          • Instruction ID: 379e6d231e43de667e6a2dce57b692fbcf3d7a8527bf2755d7c16efd721c526d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9d71c558a1a3c9b2de82e9fb248e19d9b7ee53b73a403580efbdb6dd4b65976
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA314F75A00518DFDB00DF94D885EADBBF4FF48314F048099E805AB362DB31E856CB90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A3FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A40668
                                                                                                                                                                                                                            • Part of subcall function 00A3FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00A40685
                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00A8170D
                                                                                                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00A8173A
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00A8174A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 577356006-0
                                                                                                                                                                                                                          • Opcode ID: b5d7b889d0f86b3f53d872c0a4f0b959f6e7b25c061784655878ee60c52f3cb9
                                                                                                                                                                                                                          • Instruction ID: 9e2ac89f77205643db597cfd3d3ff100bd50f9884f2580b440d84904b974d511
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5d7b889d0f86b3f53d872c0a4f0b959f6e7b25c061784655878ee60c52f3cb9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47119EB2814304AFD718EF54DC8AD6AB7BDFF44764B20852EF05657651EB70BC428B60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A8D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00A8D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00A8D650
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: d6cecdd3001582f52fef5360719ccdcda8481c1af0f0f514f6f3d8e987cba2cf
• Instruction ID: 9ccd2584fbbc15454cf6c0067e61f4e4bf51901366d0d0effb646018121828ad
• Opcode Fuzzy Hash: d6cecdd3001582f52fef5360719ccdcda8481c1af0f0f514f6f3d8e987cba2cf
• Instruction Fuzzy Hash: 66115E75E05228BFDB10DF99EC45FAFBBBCEB45B60F108225F904E7290D6704A058BA1
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00A8168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00A816A1
• FreeSid.ADVAPI32(?), ref: 00A816B1
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: 19e6274d5ef65963b37a6f25dddc0a3e9af9c4764a90b629bcbcdf6295b37f27
• Instruction ID: 67049e1d562dc4ffa0a9a5ad994d152af4cc12b4d660afdf86cb3cbeb11dddd3
• Opcode Fuzzy Hash: 19e6274d5ef65963b37a6f25dddc0a3e9af9c4764a90b629bcbcdf6295b37f27
• Instruction Fuzzy Hash: 26F0F471950309FBDB00EFE49C89EAEBBBCFB08614F504565E501E2191E774AA458B60
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
• Opcode ID: e79201ae98531205f0268574f0858bd907263a7d80bf9e5bd3d7dcc5746c2b37
• Instruction ID: cd763ad910ed331b2e8a54f15c986e331df97a1d009f603419daeac6d64242b1
• Opcode Fuzzy Hash: e79201ae98531205f0268574f0858bd907263a7d80bf9e5bd3d7dcc5746c2b37
• Instruction Fuzzy Hash: 124126725003186FCB20AFB9CC49EABB7B8FB84325F504269FD05CB184E6709D85CB50
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00A7D28C
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: 66e290418db9f42834b61a18dc68a3481e89680fa1df57346bb3f6463a0893e5
• Instruction ID: 2b178de94a262b13995a3d753e0fc6802037a2dd339f981401ed0b1321227e0c
• Opcode Fuzzy Hash: 66e290418db9f42834b61a18dc68a3481e89680fa1df57346bb3f6463a0893e5
• Instruction Fuzzy Hash: 96D0CAB480112DEBCB94DBA0EC88DDEB3BCBB04306F108292F50AA2001DB30964A8F20
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction ID: 4a9e658a86aa773e0aa275241e9cf77859cb88335db59d45ae27c10715775ec6
• Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction Fuzzy Hash: D6023C75E012199FDF54CFA9C9806ADFBF1EF88324F25816AD819E7380D731AE418B80
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00A96918
• FindClose.KERNEL32(00000000), ref: 00A96961
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: aaa6d8762365fe1e8aa3f23c3d391e0c83f6cd2df5d535e7a983a1ef900e11cc
• Instruction ID: 3c681137b2314191a21e109d4e3086258a31bdd82ad23592d8703682973ed7fe
• Opcode Fuzzy Hash: aaa6d8762365fe1e8aa3f23c3d391e0c83f6cd2df5d535e7a983a1ef900e11cc
• Instruction Fuzzy Hash: 8C1190356042109FCB14DF69D484A1ABBE5FF89328F14C6A9E4698F6A2C730EC05CBD1
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00AA4891,?,?,00000035,?), ref: 00A937E4
                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00AA4891,?,?,00000035,?), ref: 00A937F4
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00A8B25D
• keybd_event.USER32(?,75A4C0D0,?,00000000), ref: 00A8B270
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00A811FC), ref: 00A810D4
• CloseHandle.KERNEL32(?,?,00A811FC), ref: 00A810E9
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
Strings
• Variable is not of type 'Object'., xrefs: 00A70C40
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.
• API String ID: 0-1840281001
APIs
• RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00A56766,?,?,00000008,?,?,00A5FEFE,00000000), ref: 00A56998
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
Strings
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
APIs
• BlockInput.USER32(00000001), ref: 00A9EABD
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00A403EE), ref: 00A409DA
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Strings
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
Similarity
• API ID:
• String ID:
• API String ID:
Similarity
• API ID:
• String ID:
• API String ID:
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d081fc81c07a47734bcf323bdc26983a2eaf7bc6a7bfca8accb6db2d027d9db5
                                                                                                                                                                                                                          • Instruction ID: 0123f411f8af1cf1dd65320a2a478d32fb51405322aac6f14bd7b9348997ca59
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d081fc81c07a47734bcf323bdc26983a2eaf7bc6a7bfca8accb6db2d027d9db5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F002B6B5E00216EFDF04DF54D981AAEB7B1FF54344F208169F8169B291EB31AE21CB91
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c59a6ea00f01d7c9ef8f96e42b97ea04adb6d873a7f7a9e6c619e707d66d09f0
                                                                                                                                                                                                                          • Instruction ID: 93930a47f790423b739585809371ab5e95b960e51313e5c6ff70a120baac817b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c59a6ea00f01d7c9ef8f96e42b97ea04adb6d873a7f7a9e6c619e707d66d09f0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13B10421E2AF814DD72396798831336B65C7FBB6D5F52D71BFC2678E22EB2285834140
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                          • Instruction ID: a2b0a6f177091ae8d76e31b2d92ac98edcd7923499d3c5cbb78c43863908ec7d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A91667A6080E34ADB29473E857507EFFF15AD23A231A079ED4F2CA1C5FE249994D620
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                          • Instruction ID: 7eddc0a7437c4073d333743b34c3c653d5b4b79a1e5e1df7a11565f4df0082b8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9791647A2090A349DB69433D857453EFFF15AD23A135A079EE4F2CB1C5EE24C998E720
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                          • Instruction ID: f132e1a99daa54dbecc3fd24943a1235df6e812952e8bd26781bd29ee29e78b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C91337A2090E34ADB6D477A857443EFFF19AD23A231A07ADD4F2CA1C1FE248595D620
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cf4249e8196087ea06b98b7cba2006e3da1e33afb00b61df1845d994d9be65c5
                                                                                                                                                                                                                          • Instruction ID: 56187df7263369950ce552e8553481d096e73cca9955b7985e72ecaed8f18fee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cf4249e8196087ea06b98b7cba2006e3da1e33afb00b61df1845d994d9be65c5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC618A7D2087C996DE349B288D95BBE63A4DFC1780F20092EE983DB281DB55DE43C356
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 257c7bccdfc65492db85b357e88cceed92c58def4baff96f280ce4ee06c92e83
• Instruction ID: 5d9e0f2e68d1b4c313371cfaf62b8b9a1e30501af0c2ba45d37797225b90ac6b
• Opcode Fuzzy Hash: 257c7bccdfc65492db85b357e88cceed92c58def4baff96f280ce4ee06c92e83
• Instruction Fuzzy Hash: 4961CD3DA1C7C967CE389B285D52BBF2394DFC2704F200A59E943DB281DB16DD428B51
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: e8decc76f7ff8cd5eb4f538773a0d1da2f7dab3ac3f9d154f0c07a50781c6593
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: 9481743A6090E349DB6D477A857443EFFE15AD23A131A079DD4F2CB1C2FE24C594E620
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2eb22348b9eb5ffe8823734ac05d8e2ab14af3344a761b11eb8b444b0cc61c8e
• Instruction ID: 51c4cc0350b92a7cc58165b3de044686642a76295a61e85fff4650012f4dbe49
• Opcode Fuzzy Hash: 2eb22348b9eb5ffe8823734ac05d8e2ab14af3344a761b11eb8b444b0cc61c8e
• Instruction Fuzzy Hash: 5E2193327206158BDB28CFB9C82277A73E5A754320F15862EE4A7C37D1DE35AD04CB80
APIs
• DeleteObject.GDI32(00000000), ref: 00AA2B30
• DeleteObject.GDI32(00000000), ref: 00AA2B43
• DestroyWindow.USER32 ref: 00AA2B52
• GetDesktopWindow.USER32 ref: 00AA2B6D
• GetWindowRect.USER32(00000000), ref: 00AA2B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00AA2CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00AA2CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA2CF8
• GetClientRect.USER32(00000000,?), ref: 00AA2D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00AA2D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA2D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA2D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA2D80
• GlobalLock.KERNEL32(00000000), ref: 00AA2D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA2D98
• GlobalUnlock.KERNEL32(00000000), ref: 00AA2DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA2DA8
• GlobalFree.KERNEL32(00000000), ref: 00AA2DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA2DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00ABFC38,00000000), ref: 00AA2DDB
• GlobalFree.KERNEL32(00000000), ref: 00AA2DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00AA2E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00AA2E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA2E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00AA303F
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: 7b580078bdcf7660efd83b59bd526679736fdf8d2717c88ad9ba4aa9ed0e9a91
• Instruction ID: 0474eb0e2a99774575c827c303f23f3eb37eab4adb6142abec48d2a6dec2ac4a
• Opcode Fuzzy Hash: 7b580078bdcf7660efd83b59bd526679736fdf8d2717c88ad9ba4aa9ed0e9a91
• Instruction Fuzzy Hash: B5026C75500215EFDB14DFA8DD89EAE7BB9FB49720F008258F915AB2A1DB70ED01CB60
APIs
• SetTextColor.GDI32(?,00000000), ref: 00AB712F
• GetSysColorBrush.USER32(0000000F), ref: 00AB7160
• GetSysColor.USER32(0000000F), ref: 00AB716C
• SetBkColor.GDI32(?,000000FF), ref: 00AB7186
• SelectObject.GDI32(?,?), ref: 00AB7195
• InflateRect.USER32(?,000000FF,000000FF), ref: 00AB71C0
• GetSysColor.USER32(00000010), ref: 00AB71C8
• CreateSolidBrush.GDI32(00000000), ref: 00AB71CF
• FrameRect.USER32(?,?,00000000), ref: 00AB71DE
• DeleteObject.GDI32(00000000), ref: 00AB71E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00AB7230
• FillRect.USER32(?,?,?), ref: 00AB7262
• GetWindowLongW.USER32(?,000000F0), ref: 00AB7284
  • Part of subcall function 00AB73E8: GetSysColor.USER32(00000012), ref: 00AB7421
  • Part of subcall function 00AB73E8: SetTextColor.GDI32(?,?), ref: 00AB7425
  • Part of subcall function 00AB73E8: GetSysColorBrush.USER32(0000000F), ref: 00AB743B
  • Part of subcall function 00AB73E8: GetSysColor.USER32(0000000F), ref: 00AB7446
  • Part of subcall function 00AB73E8: GetSysColor.USER32(00000011), ref: 00AB7463
  • Part of subcall function 00AB73E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AB7471
  • Part of subcall function 00AB73E8: SelectObject.GDI32(?,00000000), ref: 00AB7482
  • Part of subcall function 00AB73E8: SetBkColor.GDI32(?,00000000), ref: 00AB748B
  • Part of subcall function 00AB73E8: SelectObject.GDI32(?,?), ref: 00AB7498
  • Part of subcall function 00AB73E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00AB74B7
  • Part of subcall function 00AB73E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AB74CE
  • Part of subcall function 00AB73E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00AB74DB
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
• String ID:
• API String ID: 4124339563-0
• Opcode ID: 606fccff87fb86769a6061aac07965b4741c46e86498a433fb4815c1a5c296b9
• Instruction ID: a01d14db16e879cae82b151d64b987dae00ce690f641eb628ab5796d70162e21
• Opcode Fuzzy Hash: 606fccff87fb86769a6061aac07965b4741c46e86498a433fb4815c1a5c296b9
• Instruction Fuzzy Hash: 0EA16072008301AFD711DFA4DC48E9F7BA9FB89330F100B19F9A2A61B2D775E9459B61
APIs
• DestroyWindow.USER32(?,?), ref: 00A38E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 00A76AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00A76AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00A76F43
  • Part of subcall function 00A38F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A38BE8,?,00000000,?,?,?,?,00A38BBA,00000000,?), ref: 00A38FC5
• SendMessageW.USER32(?,00001053), ref: 00A76F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00A76F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00A76FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00A76FB7
Strings
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: 3c7367901eb211b2268a5cd25721c371166407f7065769598ab51be404d9dda8
• Instruction ID: 044510039f6bc2b08e1badcc56f16e973e35402927b6b92f44f3fbf9170650e3
• Opcode Fuzzy Hash: 3c7367901eb211b2268a5cd25721c371166407f7065769598ab51be404d9dda8
• Instruction Fuzzy Hash: 1B128B30200A01DFDB25DF64CD94BAABBB5FB45310F24C569F4898B262CB79EC52CB91
APIs
• DestroyWindow.USER32(00000000), ref: 00AA273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00AA286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00AA28A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00AA28B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00AA2900
• GetClientRect.USER32(00000000,?), ref: 00AA290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00AA2955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00AA2964
• GetStockObject.GDI32(00000011), ref: 00AA2974
• SelectObject.GDI32(00000000,00000000), ref: 00AA2978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00AA2988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AA2991
• DeleteDC.GDI32(00000000), ref: 00AA299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00AA29C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 00AA29DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00AA2A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00AA2A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 00AA2A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00AA2A77
• GetStockObject.GDI32(00000011), ref: 00AA2A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00AA2A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00AA2A97
Strings
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: ef0afd8702877ace699d1a01f3673573903430c4d1caa09cb978a8b144f10fa9
• Instruction ID: 6b33423ed6990f78269bc1066c4ebe7de356f268b6a213b55f50b9c04d68c3ac
• Opcode Fuzzy Hash: ef0afd8702877ace699d1a01f3673573903430c4d1caa09cb978a8b144f10fa9
• Instruction Fuzzy Hash: B0B15C71A00215AFEB14DFA8DD49FAE7BA9EB09710F004614F915EB2E1D774ED41CBA0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00A94AED
• GetDriveTypeW.KERNEL32(?,00ABCB68,?,\\.\,00ABCC08), ref: 00A94BCA
• SetErrorMode.KERNEL32(00000000,00ABCB68,?,\\.\,00ABCC08), ref: 00A94D36
Strings
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 4e63cc0a0dd178158e34588de4aadd9ba01ba67085102ab9745681bbc3e2209b
• Instruction ID: 787d0c3aa8db77bc68e9217b39ba2cf0261d8fcd3ee8866e1ae11aac2f1d01d5
• Opcode Fuzzy Hash: 4e63cc0a0dd178158e34588de4aadd9ba01ba67085102ab9745681bbc3e2209b
• Instruction Fuzzy Hash: 7861BF30705155AFCF08EF29CAC1D6DB7F0BB5C788B244865F806AB292DA35ED42DB41
APIs
• GetSysColor.USER32(00000012), ref: 00AB7421
• SetTextColor.GDI32(?,?), ref: 00AB7425
• GetSysColorBrush.USER32(0000000F), ref: 00AB743B
• GetSysColor.USER32(0000000F), ref: 00AB7446
• CreateSolidBrush.GDI32(?), ref: 00AB744B
• GetSysColor.USER32(00000011), ref: 00AB7463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00AB7471
• SelectObject.GDI32(?,00000000), ref: 00AB7482
• SetBkColor.GDI32(?,00000000), ref: 00AB748B
• SelectObject.GDI32(?,?), ref: 00AB7498
• InflateRect.USER32(?,000000FF,000000FF), ref: 00AB74B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00AB74CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 00AB74DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00AB752A
                                                                                                                                                                                                                          • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00AB7554
                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FD,000000FD), ref: 00AB7572
                                                                                                                                                                                                                          • DrawFocusRect.USER32(?,?), ref: 00AB757D
                                                                                                                                                                                                                          • GetSysColor.USER32(00000011), ref: 00AB758E
                                                                                                                                                                                                                          • SetTextColor.GDI32(?,00000000), ref: 00AB7596
                                                                                                                                                                                                                          • DrawTextW.USER32(?,00AB70F5,000000FF,?,00000000), ref: 00AB75A8
                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00AB75BF
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00AB75CA
                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00AB75D0
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00AB75D5
                                                                                                                                                                                                                          • SetTextColor.GDI32(?,?), ref: 00AB75DB
                                                                                                                                                                                                                          • SetBkColor.GDI32(?,?), ref: 00AB75E5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1996641542-0
                                                                                                                                                                                                                          • Opcode ID: 17f713a5ef171b6985bbdb94946785f9bc672d5cf4fb85bdcad221511f705596
                                                                                                                                                                                                                          • Instruction ID: e17d321274dd1bc5fe62f362b4dbbbfe288f0d72d382fb3d3ce9c18ae19fd12d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 17f713a5ef171b6985bbdb94946785f9bc672d5cf4fb85bdcad221511f705596
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9616F72904218AFDF11DFA8DC49EEE7FB9EB48320F104215F911BB2A2D7749941DBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00AB1128
                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00AB113D
                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00AB1144
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00AB1199
                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00AB11B9
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00AB11ED
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AB120B
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AB121D
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,?), ref: 00AB1232
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00AB1245
                                                                                                                                                                                                                          • IsWindowVisible.USER32(00000000), ref: 00AB12A1
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00AB12BC
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00AB12D0
                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00AB12E8
                                                                                                                                                                                                                          • MonitorFromPoint.USER32(?,?,00000002), ref: 00AB130E
                                                                                                                                                                                                                          • GetMonitorInfoW.USER32(00000000,?), ref: 00AB1328
                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 00AB133F
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000412,00000000), ref: 00AB13AA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                                                                          • String ID: ($0$tooltips_class32
                                                                                                                                                                                                                          • API String ID: 698492251-4156429822
                                                                                                                                                                                                                          • Opcode ID: 161a2373768e2b565d749a878c355e689f2af06edac8b214a3aae5096688da8d
                                                                                                                                                                                                                          • Instruction ID: afe63b3abe7459835ae1d5f86a0183677eb96c4fa5e2b62dbfc10d4b7963982e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 161a2373768e2b565d749a878c355e689f2af06edac8b214a3aae5096688da8d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2B19D71604351AFD700DF68D994FAABBE8FF84350F408A1CF9999B262D731E845CBA1
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?), ref: 00AB02E5
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00AB031F
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00AB0389
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00AB03F1
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00AB0475
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00AB04C5
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00AB0504
                                                                                                                                                                                                                            • Part of subcall function 00A3F9F2: _wcslen.LIBCMT ref: 00A3F9FD
                                                                                                                                                                                                                            • Part of subcall function 00A8223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A82258
                                                                                                                                                                                                                            • Part of subcall function 00A8223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A8228A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                          • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                          • API String ID: 1103490817-719923060
                                                                                                                                                                                                                          • Opcode ID: 4861228823ebbbea516f79c4f9c6b046aad6c73fae8d7775e459d8144f0d964a
                                                                                                                                                                                                                          • Instruction ID: c3de5efc679633e3209f3d0ba1184c412f98208657662b18414114d3c1fcc6a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4861228823ebbbea516f79c4f9c6b046aad6c73fae8d7775e459d8144f0d964a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63E1AD312182519FC714DF28CA50DAFB7EABF88314F144A6DF8969B2A2DB30ED45CB51
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A38968
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000007), ref: 00A38970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00A3899B
• GetSystemMetrics.USER32(00000008), ref: 00A389A3
• GetSystemMetrics.USER32(00000004), ref: 00A389C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00A389E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00A389F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00A38A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00A38A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00A38A5A
• GetStockObject.GDI32(00000011), ref: 00A38A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00A38A81
  • Part of subcall function 00A3912D: GetCursorPos.USER32(?), ref: 00A39141
  • Part of subcall function 00A3912D: ScreenToClient.USER32(00000000,?), ref: 00A3915E
  • Part of subcall function 00A3912D: GetAsyncKeyState.USER32(00000001), ref: 00A39183
  • Part of subcall function 00A3912D: GetAsyncKeyState.USER32(00000002), ref: 00A3919D
• SetTimer.USER32(00000000,00000000,00000028,00A390FC), ref: 00A38AA8
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
• String ID: AutoIt v3 GUI
APIs
  • Part of subcall function 00A810F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A81114
  • Part of subcall function 00A810F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00A80B9B,?,?,?), ref: 00A81120
  • Part of subcall function 00A810F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A80B9B,?,?,?), ref: 00A8112F
  • Part of subcall function 00A810F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A80B9B,?,?,?), ref: 00A81136
  • Part of subcall function 00A810F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A8114D
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00A80DF5
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00A80E29
• GetLengthSid.ADVAPI32(?), ref: 00A80E40
• GetAce.ADVAPI32(?,00000000,?), ref: 00A80E7A
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00A80E96
• GetLengthSid.ADVAPI32(?), ref: 00A80EAD
• GetProcessHeap.KERNEL32(00000008,00000008), ref: 00A80EB5
• HeapAlloc.KERNEL32(00000000), ref: 00A80EBC
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 00A80EDD
• CopySid.ADVAPI32(00000000), ref: 00A80EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00A80F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00A80F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00A80F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A80F6E
• HeapFree.KERNEL32(00000000), ref: 00A80F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A80F7E
• HeapFree.KERNEL32(00000000), ref: 00A80F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A80F8E
• HeapFree.KERNEL32(00000000), ref: 00A80F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 00A80FA1
• HeapFree.KERNEL32(00000000), ref: 00A80FA8
  • Part of subcall function 00A81193: GetProcessHeap.KERNEL32(00000008,00A80BB1,?,00000000,?,00A80BB1,?), ref: 00A811A1
  • Part of subcall function 00A81193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00A80BB1,?), ref: 00A811A8
  • Part of subcall function 00A81193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00A80BB1,?), ref: 00A811B7
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AAC4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00ABCC08,00000000,?,00000000,?,?), ref: 00AAC544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00AAC5A4
• _wcslen.LIBCMT ref: 00AAC5F4
• _wcslen.LIBCMT ref: 00AAC66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00AAC6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00AAC7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00AAC84D
• RegCloseKey.ADVAPI32(?), ref: 00AAC881
• RegCloseKey.ADVAPI32(00000000), ref: 00AAC88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00AAC960
Strings
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
APIs
• CharUpperBuffW.USER32(?,?), ref: 00AB09C6
• _wcslen.LIBCMT ref: 00AB0A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AB0A54
• _wcslen.LIBCMT ref: 00AB0A8A
• _wcslen.LIBCMT ref: 00AB0B06
• _wcslen.LIBCMT ref: 00AB0B81
  • Part of subcall function 00A3F9F2: _wcslen.LIBCMT ref: 00A3F9FD
  • Part of subcall function 00A82BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A82BFA
Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                          • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                          • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                          • Opcode ID: f33f525177080b04ccab25e5c4aa8b232f19d2321dc8d6802a35d0264a0962b3
                                                                                                                                                                                                                          • Instruction ID: e1ea25909d4fc22af26ec722b167393489650097c6504acf1b39dcdc26744008
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f33f525177080b04ccab25e5c4aa8b232f19d2321dc8d6802a35d0264a0962b3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85E189312083519FC714EF28C5509AEB7E5BF98354F14896DF896AB3A2DB30EE45CB81
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                          • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                          • API String ID: 1256254125-909552448
                                                                                                                                                                                                                          • Opcode ID: 9d5a4fd7e7906ded5070b555621f9c66cd530355510d8c59a369904131def3e2
                                                                                                                                                                                                                          • Instruction ID: ea00565659708ce4a76f83133332dcfe3bc7bb403a960edbb828ba2f8f4e0814
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9d5a4fd7e7906ded5070b555621f9c66cd530355510d8c59a369904131def3e2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF71E83260016A8BEB10DF7DCD516BF33A2AB667B4F150529F8669B2C5E731CD45C3A0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00AB835A
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00AB836E
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00AB8391
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00AB83B4
                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00AB83F2
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00AB5BF2), ref: 00AB844E
                                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AB8487
                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00AB84CA
                                                                                                                                                                                                                          • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00AB8501
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 00AB850D
                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00AB851D
                                                                                                                                                                                                                          • DestroyIcon.USER32(?,?,?,?,?,00AB5BF2), ref: 00AB852C
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00AB8549
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00AB8555
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                          • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                          • API String ID: 799131459-1154884017
                                                                                                                                                                                                                          • Opcode ID: 45f071a330159e5d082d6940eddd51cc269477a91f62279b1174b0888f91c51e
                                                                                                                                                                                                                          • Instruction ID: 67a1fabdab967af83a49735df385d814366a7356c7f6b6f76e936ebe6253d09a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45f071a330159e5d082d6940eddd51cc269477a91f62279b1174b0888f91c51e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B461E071540215BAEB24DF68CC81FFE77ACBB08B20F104609F815D61D2DF78AA81C7A0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                                                                          • API String ID: 0-1645009161
                                                                                                                                                                                                                          • Opcode ID: 7669af807d038a56a1e4c5e94562f2a776fa1d5b5a684c22da166ac88781ee19
                                                                                                                                                                                                                          • Instruction ID: caa1246800192cc85bfd1a12e9fa129a86bb7bff23458528fcdb74fb8491f246
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7669af807d038a56a1e4c5e94562f2a776fa1d5b5a684c22da166ac88781ee19
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B81F371A04225BFDB24AF79ED42FAE37B8BF56300F044434F904AA192EB74DA41C7A1
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharLowerBuffW.USER32(?,?), ref: 00A93EF8
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A93F03
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A93F5A
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A93F98
                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?), ref: 00A93FD6
                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A9401E
                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A94059
                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A94087
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                          • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                                                                                                          • API String ID: 1839972693-4113822522
                                                                                                                                                                                                                          • Opcode ID: 972c23c6b05e0fc458da1dcdb8e7281dde6e2fb49ed5e85c8796962ad802b1bd
                                                                                                                                                                                                                          • Instruction ID: 653836e9dd9110bc86ffaaa9fdd9716876bad77b8ce190219c9b4931f1e04669
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 972c23c6b05e0fc458da1dcdb8e7281dde6e2fb49ed5e85c8796962ad802b1bd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B771BF326042119FCB10EF28D98196AB7F4EFA8764F10492DF89697251EB31EE46CB91
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadIconW.USER32(00000063), ref: 00A85A2E
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00A85A40
                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00A85A57
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 00A85A6C
                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00A85A72
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00A85A82
                                                                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00A85A88
                                                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00A85AA9
                                                                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00A85AC3
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00A85ACC
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A85B33
                                                                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00A85B6F
                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00A85B75
                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00A85B7C
                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00A85BD3
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00A85BE0
                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000005,00000000,?), ref: 00A85C05
                                                                                                                                                                                                                          • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00A85C2F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 895679908-0
                                                                                                                                                                                                                          • Opcode ID: ebf4e24091f3410bd952691ec6a41f9fe931da594862ff705c1b08aee695fff9
                                                                                                                                                                                                                          • Instruction ID: 1cfdc9cf59f10b425fc83103b9210ac39cfa849274117fd7e2b0fc599b20065e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ebf4e24091f3410bd952691ec6a41f9fe931da594862ff705c1b08aee695fff9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B715D31900B05AFDB20EFB8CE89EAEBBF5FF48714F104618E582A65A0D775E945CB50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 00A9FE27
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8A), ref: 00A9FE32
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 00A9FE3D
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F03), ref: 00A9FE48
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F8B), ref: 00A9FE53
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F01), ref: 00A9FE5E
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F81), ref: 00A9FE69
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F88), ref: 00A9FE74
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F80), ref: 00A9FE7F
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F86), ref: 00A9FE8A
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F83), ref: 00A9FE95
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F85), ref: 00A9FEA0
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F82), ref: 00A9FEAB
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F84), ref: 00A9FEB6
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F04), ref: 00A9FEC1
                                                                                                                                                                                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 00A9FECC
                                                                                                                                                                                                                          • GetCursorInfo.USER32(?), ref: 00A9FEDC
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00A9FF1E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3215588206-0
                                                                                                                                                                                                                          • Opcode ID: 8e172a8e22305366d01aaa6f70e8a8bb61b199cec1e0eb9e18a24b831e2a51ff
                                                                                                                                                                                                                          • Instruction ID: 9437b8405c84d264cb3363723ba6726288eae8b1b2ba6499162dddd1eaed7b96
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e172a8e22305366d01aaa6f70e8a8bb61b199cec1e0eb9e18a24b831e2a51ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E4144B0E043196EDB10DFBA8C89C5EBFE8FF04754B50452AE11DEB291DB789901CE91
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00A400C6
                                                                                                                                                                                                                            • Part of subcall function 00A400ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00AF070C,00000FA0,F3D903D7,?,?,?,?,00A623B3,000000FF), ref: 00A4011C
                                                                                                                                                                                                                            • Part of subcall function 00A400ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00A623B3,000000FF), ref: 00A40127
                                                                                                                                                                                                                            • Part of subcall function 00A400ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00A623B3,000000FF), ref: 00A40138
                                                                                                                                                                                                                            • Part of subcall function 00A400ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A4014E
                                                                                                                                                                                                                            • Part of subcall function 00A400ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A4015C
                                                                                                                                                                                                                            • Part of subcall function 00A400ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A4016A
                                                                                                                                                                                                                            • Part of subcall function 00A400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A40195
                                                                                                                                                                                                                            • Part of subcall function 00A400ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00A401A0
                                                                                                                                                                                                                          • ___scrt_fastfail.LIBCMT ref: 00A400E7
                                                                                                                                                                                                                            • Part of subcall function 00A400A3: __onexit.LIBCMT ref: 00A400A9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • InitializeConditionVariable, xrefs: 00A40148
                                                                                                                                                                                                                          • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A40122
                                                                                                                                                                                                                          • SleepConditionVariableCS, xrefs: 00A40154
                                                                                                                                                                                                                          • kernel32.dll, xrefs: 00A40133
                                                                                                                                                                                                                          • WakeAllConditionVariable, xrefs: 00A40162
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                          • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 66158676-1714406822
                                                                                                                                                                                                                          • Opcode ID: f842e9ebb57393d52512a5bf7af40006d59d1ee93a54477917520ead71f8ca83
                                                                                                                                                                                                                          • Instruction ID: 9bbaacf2f84d639c34aede7c2b002c03f59f76891a7791d7ffedc607db0a8925
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f842e9ebb57393d52512a5bf7af40006d59d1ee93a54477917520ead71f8ca83
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9221F936A447107FEB10ABE8BD45F697398EB84F61F140725FA01A62A3DBB498019A90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                                                                          • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                          • API String ID: 176396367-1603158881
                                                                                                                                                                                                                          • Opcode ID: 45f98f4987e861b7eccc4306e1f776f3cf6ee877ace5b048561fa07afdc6e812
                                                                                                                                                                                                                          • Instruction ID: d9775cab35a0edf8881bad0924aaa2ad9d118ceb48db0a790332152e374d1173
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 45f98f4987e861b7eccc4306e1f776f3cf6ee877ace5b048561fa07afdc6e812
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3E1A633E00516AFCF18AFB8C8517EEBBB5BF54B10F548129E456B7240EB70AE859790
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharLowerBuffW.USER32(00000000,00000000,00ABCC08), ref: 00A94527
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A9453B
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A94599
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A945F4
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A9463F
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A946A7
                                                                                                                                                                                                                            • Part of subcall function 00A3F9F2: _wcslen.LIBCMT ref: 00A3F9FD
                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?,00AE6BF0,00000061), ref: 00A94743
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                          • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                          • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                          • Opcode ID: e84a3e538fb6673da72610c0ce2a8124d7776b03e4a4cfe9709555fdcde2702c
                                                                                                                                                                                                                          • Instruction ID: 1fe9533f848927f93161c770f904b99769ee6c1db4a5744a036e7ca518a4d699
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e84a3e538fb6673da72610c0ce2a8124d7776b03e4a4cfe9709555fdcde2702c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07B10F716083129FCB10DF28C990E6AB7E5BFA9760F10492DF196C7291E730DC46CB92
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,00ABCC08), ref: 00AA40BB
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00AA40CD
                                                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00ABCC08), ref: 00AA40F2
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00ABCC08), ref: 00AA413E
                                                                                                                                                                                                                          • StringFromGUID2.OLE32(?,?,00000028,?,00ABCC08), ref: 00AA41A8
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000009), ref: 00AA4262
                                                                                                                                                                                                                          • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00AA42C8
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 00AA42F2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                                                                                                                          • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 354098117-199464113
                                                                                                                                                                                                                          • Opcode ID: 6b7234255da04e8200ca3abbe2650f2a8b2bb8fed900a823e11af2ea3cec7b8c
                                                                                                                                                                                                                          • Instruction ID: 50c2818951b64e4199aeef64c7c72c72cd7a88b3652a98b9195a6266a104b2b5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6b7234255da04e8200ca3abbe2650f2a8b2bb8fed900a823e11af2ea3cec7b8c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88124C75A00215EFDB14CF94C884EAEBBB5FF8A314F248098F9059B291D771ED46CBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00AF1990), ref: 00A62F8D
                                                                                                                                                                                                                          • GetMenuItemCount.USER32(00AF1990), ref: 00A6303D
                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00A63081
                                                                                                                                                                                                                          • SetForegroundWindow.USER32(00000000), ref: 00A6308A
                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(00AF1990,00000000,?,00000000,00000000,00000000), ref: 00A6309D
                                                                                                                                                                                                                          • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00A630A9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                          • API String ID: 36266755-4108050209
                                                                                                                                                                                                                          • Opcode ID: 230c8c178e42cb3ad286ebf2687b1569f71f7ba5238e471e62bdadc2cf61e4f3
                                                                                                                                                                                                                          • Instruction ID: 65d67f723d02f926e7413b4059ad254db96039ef15a10e0240eae400cca5af29
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 230c8c178e42cb3ad286ebf2687b1569f71f7ba5238e471e62bdadc2cf61e4f3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1711671640616BEEB219F68DC49FEABF79FF05324F204216F5246A1E1C7B1A920CB90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DestroyWindow.USER32(00000000,?), ref: 00AB6DEB
                                                                                                                                                                                                                            • Part of subcall function 00A26B57: _wcslen.LIBCMT ref: 00A26B6A
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00AB6E5F
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00AB6E81
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AB6E94
                                                                                                                                                                                                                          • DestroyWindow.USER32(?), ref: 00AB6EB5
                                                                                                                                                                                                                          • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00A20000,00000000), ref: 00AB6EE4
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00AB6EFD
                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 00AB6F16
                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000), ref: 00AB6F1D
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00AB6F35
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00AB6F4D
                                                                                                                                                                                                                            • Part of subcall function 00A39944: GetWindowLongW.USER32(?,000000EB), ref: 00A39952
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                                                                                                                          • String ID: 0$tooltips_class32
                                                                                                                                                                                                                          • API String ID: 2429346358-3619404913
                                                                                                                                                                                                                          • Opcode ID: 7d8f3c685f64f649ff7f5da30a5830bcbc33bd139fc70becd6b0c0774071ff8e
                                                                                                                                                                                                                          • Instruction ID: be6c4b9c756d36f2197fbfecd666ac9ebf632fc02724d8c544b0bc40a95d242e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d8f3c685f64f649ff7f5da30a5830bcbc33bd139fc70becd6b0c0774071ff8e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 07716671504244AFDB21CF68DC98FBABBE9FB89314F04091DF98987262C778E906CB11
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
                                                                                                                                                                                                                          • DragQueryPoint.SHELL32(?,?), ref: 00AB9147
                                                                                                                                                                                                                            • Part of subcall function 00AB7674: ClientToScreen.USER32(?,?), ref: 00AB769A
                                                                                                                                                                                                                            • Part of subcall function 00AB7674: GetWindowRect.USER32(?,?), ref: 00AB7710
                                                                                                                                                                                                                            • Part of subcall function 00AB7674: PtInRect.USER32(?,?,00AB8B89), ref: 00AB7720
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00AB91B0
                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00AB91BB
                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00AB91DE
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00AB9225
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B0,?,?), ref: 00AB923E
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00AB9255
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,?,?), ref: 00AB9277
                                                                                                                                                                                                                          • DragFinish.SHELL32(?), ref: 00AB927E
                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00AB9371
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                          • API String ID: 221274066-3440237614
                                                                                                                                                                                                                          • Opcode ID: 1b58b78507d1e2efa554996d98d737517214938451df21df7a1a0843f1fdb038
                                                                                                                                                                                                                          • Instruction ID: fba8a4218b4378ac5899c7e5b7ad117a8d0f077125170ddaa05d0a0b1520c04e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b58b78507d1e2efa554996d98d737517214938451df21df7a1a0843f1fdb038
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F8616A71108301AFC701DFA4DD85DAFBBE9FF89750F000A2EF595921A2DB709A49CB92
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A9C4B0
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A9C4C3
                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A9C4D7
                                                                                                                                                                                                                          • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00A9C4F0
                                                                                                                                                                                                                          • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00A9C533
                                                                                                                                                                                                                          • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00A9C549
                                                                                                                                                                                                                          • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A9C554
                                                                                                                                                                                                                          • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A9C584
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00A9C5DC
                                                                                                                                                                                                                          • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00A9C5F0
                                                                                                                                                                                                                          • InternetCloseHandle.WININET(00000000), ref: 00A9C5FB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                          • Opcode ID: a9532a5a1ea7a8ec6967ac71428d70cc32a5cf5dd5f08d0cb2f64b099bd4b84a
                                                                                                                                                                                                                          • Instruction ID: 91ca2232abeddd6d8eb2cbc479cbac7f3ea44a0845d21bf4f275f050b2efae13
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9532a5a1ea7a8ec6967ac71428d70cc32a5cf5dd5f08d0cb2f64b099bd4b84a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE515BB0640A08BFEF21DFA4C988EAB7BFCFF48764F004519F94696211DB34E9459B60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00AB8592
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AB85A2
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AB85AD
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AB85BA
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00AB85C8
                                                                                                                                                                                                                          • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AB85D7
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00AB85E0
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AB85E7
                                                                                                                                                                                                                          • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00AB85F8
                                                                                                                                                                                                                          • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00ABFC38,?), ref: 00AB8611
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00AB8621
                                                                                                                                                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 00AB8641
                                                                                                                                                                                                                          • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00AB8671
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00AB8699
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00AB86AF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: 167d77a39214ce00538e1b54746ec61caee50049496db14e33053ddf18df97f5
• Instruction ID: 7c8458a858f26954ab780529f78a98f910791cde06485252e31879c35db6ae83
• Opcode Fuzzy Hash: 167d77a39214ce00538e1b54746ec61caee50049496db14e33053ddf18df97f5
• Instruction Fuzzy Hash: 05410975600205AFDB11DFA9DC48EAA7BBCFF89721F104259F905E7262DB349902CB60
APIs
• VariantInit.OLEAUT32(00000000), ref: 00A91502
• VariantCopy.OLEAUT32(?,?), ref: 00A9150B
• VariantClear.OLEAUT32(?), ref: 00A91517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00A915FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00A91657
• VariantInit.OLEAUT32(?), ref: 00A91708
• SysFreeString.OLEAUT32(?), ref: 00A9178C
• VariantClear.OLEAUT32(?), ref: 00A917D8
• VariantClear.OLEAUT32(?), ref: 00A917E7
• VariantInit.OLEAUT32(00000000), ref: 00A91823
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: f5a5ae912ace14533e9f87dd0841ba4a7fc25566d080ae1041a265f0f007a47b
• Instruction ID: 876d3e5f61f8d8be3bd0fc6578eb584f7262b06e5c54f36a3c49aedd8ef359ae
• Opcode Fuzzy Hash: f5a5ae912ace14533e9f87dd0841ba4a7fc25566d080ae1041a265f0f007a47b
• Instruction Fuzzy Hash: 83D1DD31B00216EBDF009FA5E989B79B7F5BF44700F128166F446AB291DB30ED42DBA1
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00AAC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AAB6AE,?,?), ref: 00AAC9B5
  • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AAC9F1
  • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AACA68
  • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AAB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AAB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 00AAB80A
• RegCloseKey.ADVAPI32(?), ref: 00AAB87E
• RegCloseKey.ADVAPI32(?), ref: 00AAB89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 00AAB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00AAB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00AAB922
• FreeLibrary.KERNEL32(00000000), ref: 00AAB983
• RegCloseKey.ADVAPI32(00000000), ref: 00AAB994
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: 6189bc1848d0aa596b6fd01e4cdecc9e86b132bc756a5d2a12aad8bf547fed07
• Instruction ID: c9c09227bc2e1e31263ab7a51b7858a7d10c8bc2315cfdbc482d42e2ed8eee4f
• Opcode Fuzzy Hash: 6189bc1848d0aa596b6fd01e4cdecc9e86b132bc756a5d2a12aad8bf547fed07
• Instruction Fuzzy Hash: 8EC19D30218201AFD714DF18C594F2ABBE5BF89318F14856CF49A4B2A3CB75EC46CBA1
APIs
• GetDC.USER32(00000000), ref: 00AA25D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00AA25E8
• CreateCompatibleDC.GDI32(?), ref: 00AA25F4
• SelectObject.GDI32(00000000,?), ref: 00AA2601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00AA266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00AA26AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00AA26D0
• SelectObject.GDI32(?,?), ref: 00AA26D8
• DeleteObject.GDI32(?), ref: 00AA26E1
• DeleteDC.GDI32(?), ref: 00AA26E8
• ReleaseDC.USER32(00000000,?), ref: 00AA26F3
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: 22430df5d2e8b8ccbbe0143a2155ccb77a8ce4bf39345e255cc646c3cd4684ef
• Instruction ID: 8fea150df9119f96526345d684f8b7be95cb66b7701b24c376a89aa7e0dcbb0c
• Opcode Fuzzy Hash: 22430df5d2e8b8ccbbe0143a2155ccb77a8ce4bf39345e255cc646c3cd4684ef
• Instruction Fuzzy Hash: 3261E075D00219EFCF04CFE8D984EAEBBB5FF48310F208529E955A7261E770A9518FA0
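The three API lists above (the OLEAUT32 Variant-to-date conversion, the ADVAPI32 registry deletion that resolves RegDeleteKeyExW through GetProcAddress alongside a direct RegDeleteKeyW call, and the GDI32 GetDC / CreateCompatibleBitmap / StretchBlt / GetDIBits chain) are the kind of per-function data a triage script can tag automatically instead of reading entry by entry. The Python below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses the "APIs" entries in the format this report uses (the excerpt embedded in the script is transcribed from the entries above and trimmed), pairs GetProcAddress calls with the preceding LoadLibrary argument, and matches each entry against a small signature table. The signature names, the "required / any-of" matching rule and the placeholder heuristic for the plugin's "?" arguments are assumptions of the example, not Joe Sandbox rules.

```python
"""Tag per-function API lists from a Joe Sandbox 'APIs' dump with behaviour labels.
Added example, not part of the Joe Sandbox report or its IDA plugin; the
signature table and parsing heuristics are constructed for illustration."""
from __future__ import annotations
import re
from typing import NamedTuple

# Constructed input: entries transcribed (and trimmed) from the report's 'APIs' lists above.
REPORT_EXCERPT = """\
APIs
• VariantInit.OLEAUT32(00000000), ref: 00A91502
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00A915FB
• SysFreeString.OLEAUT32(?), ref: 00A9178C
Strings
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00AAC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AAB6AE,?,?), ref: 00AAC9B5
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AAB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AAB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 00AAB80A
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 00AAB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00AAB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00AAB922
• FreeLibrary.KERNEL32(00000000), ref: 00AAB983
Strings
APIs
• GetDC.USER32(00000000), ref: 00AA25D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00AA25E8
• CreateCompatibleDC.GDI32(?), ref: 00AA25F4
• SelectObject.GDI32(00000000,?), ref: 00AA2601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00AA266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00AA26AC
• ReleaseDC.USER32(00000000,?), ref: 00AA26F3
Strings
"""

# Name.MODULE(arg,...), ref: ADDR  -- the argument list is absent for CRT calls such as _wcslen.LIBCMT
CALL_RE = re.compile(r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Z][A-Z0-9]*)"
                     r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s*(?P<addr>[0-9A-F]{8})")
# Arguments the plugin could not recover ('?') or bare 32-bit hex constants (assumed heuristic).
PLACEHOLDER_RE = re.compile(r"^(\?|[0-9A-F]{8})$")

class Call(NamedTuple):
    api: str
    module: str
    args: list[str]
    addr: str
    subcall: bool  # True for "Part of subcall function ..." lines

def parse_entries(text: str) -> list[list[Call]]:
    """Split the dump at each 'APIs' header; parse call lines until the next section header."""
    entries: list[list[Call]] = []
    current: list[Call] | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            entries.append(current)
        elif line in ("Strings", "Memory Dump Source"):
            current = None
        elif current is not None and (m := CALL_RE.search(line)):
            args = [a for a in (m["args"] or "").split(",") if a]
            current.append(Call(m["api"], m["mod"], args, m["addr"],
                                "Part of subcall function" in line))
    return entries

def dynamic_imports(entry: list[Call]) -> list[tuple[str, str]]:
    """Pair each GetProcAddress with a literal symbol name to the last literal LoadLibrary* argument."""
    found, last_dll = [], "?"
    for c in entry:
        if c.api.startswith(("LoadLibrary", "GetModuleHandle")) and c.args \
                and not PLACEHOLDER_RE.match(c.args[0]):
            last_dll = c.args[0]
        elif c.api == "GetProcAddress" and len(c.args) > 1 and not PLACEHOLDER_RE.match(c.args[1]):
            found.append((last_dll, c.args[1]))
    return found

# Constructed signatures: {tag: (APIs that must all appear, APIs of which at least one must appear)}
SIGNATURES = {
    "screen_capture": ({"GetDC", "CreateCompatibleBitmap", "SelectObject", "GetDIBits"},
                       {"BitBlt", "StretchBlt"}),
    "registry_delete": ({"RegOpenKeyExW"}, {"RegDeleteKeyW", "RegDeleteKeyExW", "RegDeleteValueW"}),
    "remote_registry": ({"RegConnectRegistryW"}, set()),
    "variant_datetime": ({"VariantTimeToSystemTime"}, set()),
}

def classify(entry: list[Call]) -> list[str]:
    """Tags whose signature is satisfied by the entry's API set (direct calls and subcalls)."""
    apis = {c.api for c in entry}
    tags = [tag for tag, (required, any_of) in SIGNATURES.items()
            if required <= apis and (not any_of or apis & any_of)]
    if dynamic_imports(entry):
        tags.append("dynamic_import")
    return tags

if __name__ == "__main__":
    for i, entry in enumerate(parse_entries(REPORT_EXCERPT)):
        print(i, classify(entry), dynamic_imports(entry), [c.api for c in entry if not c.subcall])
```

Two details in the GDI entry are worth reading off the arguments rather than the names: the trailing 00CC0020 passed to StretchBlt is the SRCCOPY raster operation, and the 00000028 passed to both GetDIBits calls is sizeof(BITMAPINFOHEADER) (40, which is also the "(" reported as this entry's String ID), so the pair of GetDIBits calls is the usual query-the-header-then-fetch-the-pixels pattern for pulling a screen bitmap into memory. The matcher deliberately looks at the API set rather than the exact order, because the plugin lists subcall APIs before the function's own calls.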
APIs
• ___free_lconv_mon.LIBCMT ref: 00A5DAA1
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D659
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D66B
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D67D
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D68F
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D6A1
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D6B3
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D6C5
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D6D7
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D6E9
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D6FB
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D70D
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D71F
  • Part of subcall function 00A5D63C: _free.LIBCMT ref: 00A5D731
• _free.LIBCMT ref: 00A5DA96
  • Part of subcall function 00A529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000), ref: 00A529DE
  • Part of subcall function 00A529C8: GetLastError.KERNEL32(00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000,00000000), ref: 00A529F0
• _free.LIBCMT ref: 00A5DAB8
• _free.LIBCMT ref: 00A5DACD
• _free.LIBCMT ref: 00A5DAD8
• _free.LIBCMT ref: 00A5DAFA
• _free.LIBCMT ref: 00A5DB0D
• _free.LIBCMT ref: 00A5DB1B
• _free.LIBCMT ref: 00A5DB26
• _free.LIBCMT ref: 00A5DB5E
• _free.LIBCMT ref: 00A5DB65
• _free.LIBCMT ref: 00A5DB82
• _free.LIBCMT ref: 00A5DB9A
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                                                                          • Opcode ID: e643f756d19e4d7db6e93c4a51efc997b1301ad021b8c7ff8f599e5cf6431e61
                                                                                                                                                                                                                          • Instruction ID: f99f45ac45f42fb3bef381289d1513b081ff9353b47a31b3126db8fd9a35c86c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e643f756d19e4d7db6e93c4a51efc997b1301ad021b8c7ff8f599e5cf6431e61
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1314A31604705DFEB31AB39E945B9A77E9FF41352F154419F849E7292DA31AC88C720
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 00A8369C
• _wcslen.LIBCMT ref: 00A836A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00A83797
• GetClassNameW.USER32(?,?,00000400), ref: 00A8380C
• GetDlgCtrlID.USER32(?), ref: 00A8385D
• GetWindowRect.USER32(?,?), ref: 00A83882
• GetParent.USER32(?), ref: 00A838A0
• ScreenToClient.USER32(00000000), ref: 00A838A7
• GetClassNameW.USER32(?,?,00000100), ref: 00A83921
• GetWindowTextW.USER32(?,?,00000400), ref: 00A8395D
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: 1427885f81e4a1afb6649d2d0cfa33c123d36a5961f2d87a45479fd923862c64
• Instruction ID: d4faceaba823abed580bdf8e5b82ad0f8f6c11e57345c62927069c02b33a8238
• Opcode Fuzzy Hash: 1427885f81e4a1afb6649d2d0cfa33c123d36a5961f2d87a45479fd923862c64
• Instruction Fuzzy Hash: 6C91E672204706AFDB14EF64C895FEAF7A8FF44B10F004629F999C2191EB30EA45CB91
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00A84994
• GetWindowTextW.USER32(?,?,00000400), ref: 00A849DA
• _wcslen.LIBCMT ref: 00A849EB
• CharUpperBuffW.USER32(?,00000000), ref: 00A849F7
• _wcsstr.LIBVCRUNTIME ref: 00A84A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 00A84A64
• GetWindowTextW.USER32(?,?,00000400), ref: 00A84A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 00A84AE6
• GetClassNameW.USER32(?,?,00000400), ref: 00A84B20
• GetWindowRect.USER32(?,?), ref: 00A84B8B
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
• Opcode ID: 6f8c7ff7078c6fcc95d55cce1a3a2094a4e83b1db2560a6ef17018b02754acb3
• Instruction ID: 8adc46305e36f909c8899181e556941e23f6db1103dd355eb249921cfaf33d1e
• Opcode Fuzzy Hash: 6f8c7ff7078c6fcc95d55cce1a3a2094a4e83b1db2560a6ef17018b02754acb3
• Instruction Fuzzy Hash: 6491D2714042069FDB04EF54C985FAABBE8FF88354F04856AFD859A096EB30ED45CBA1
APIs
  • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AB8D5A
• GetFocus.USER32 ref: 00AB8D6A
• GetDlgCtrlID.USER32(00000000), ref: 00AB8D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00AB8E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00AB8ECF
• GetMenuItemCount.USER32(?), ref: 00AB8EEC
• GetMenuItemID.USER32(?,00000000), ref: 00AB8EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00AB8F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00AB8F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00AB8FA1
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: 851b103ed49c3adabec7cfce63aa880546fcc1c06eee15bc8f9d8c61b579125f
• Instruction ID: 9755a1e20453410ceab0847f89bd24f86f7c53d0f0b0a194c15a3c14da476d31
• Opcode Fuzzy Hash: 851b103ed49c3adabec7cfce63aa880546fcc1c06eee15bc8f9d8c61b579125f
• Instruction Fuzzy Hash: 23818D715043019FDB20CF28D984EBBBBEDFB88754F140A1AF98597292DB78D901CBA1
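The blocks above are the per-function API listing produced by the Joe Sandbox IDA plugin: each "APIs" block is one function recovered from the process dump, with its call sites, the memory-dump source and the similarity hashes. When triaging a listing this long it helps to make it machine-readable, so that functions can be tagged by what they touch (window inspection against class names such as ThumbnailClass, menu manipulation, literal timing calls) and the generic GUI-automation routines a compiled AutoIt runtime carries anyway can be told apart from script-specific behaviour. The parser below is an added example written for this page; it is not Joe Sandbox code. It recognises only the bullet shapes visible above; the behaviour tags and the timeout-argument positions (first argument of Sleep, sixth of SendMessageTimeoutW, which is uTimeout in the Win32 signature) are the example's own choices, and the sample input is constructed by abbreviating and recombining bullets from these blocks.

```python
"""Parser for the per-function "APIs" blocks of a Joe Sandbox IDA-plugin listing.
Added example for this page, not Joe Sandbox code; field names follow the listing."""
import re
from dataclasses import dataclass, field
from typing import Optional

# One API-call bullet.  Three shapes occur in the listing:
#   • GetClassNameW.USER32(?,?,00000100), ref: 00A8369C
#   • _free.LIBCMT ref: 00A5DA96
#   • Part of subcall function 00A529C8: RtlFreeHeap.NTDLL(...), ref: 00A529DE
CALL_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<subfn>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})$"
)
# Any other "• Key: value" bullet (Source File, Associated, API ID, String ID, ...).
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")
HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list                        # None for '?' (unresolved), int for hex literals
    ref: int                          # address of the call site
    subcall_of: Optional[int] = None  # set when the call is attributed to a callee


@dataclass
class FunctionBlock:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)  # key -> list of values ("Associated" repeats)


def parse_args(text):
    """'?,?,00000400' -> [None, None, 1024]; '-00000001' -> -1."""
    if not text:
        return []
    return [None if t.strip() == "?" else int(t.strip(), 16)
            for t in text.split(",") if t.strip()]


def parse_listing(text):
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":                       # every function block starts here
            cur = FunctionBlock()
            blocks.append(cur)
        elif not line or line in HEADERS or cur is None:
            continue
        elif (m := CALL_RE.match(line)):
            sub = m.group("subfn")
            cur.calls.append(ApiCall(m.group("name"), m.group("module"),
                                     parse_args(m.group("args")), int(m.group("ref"), 16),
                                     int(sub, 16) if sub else None))
        elif (m := FIELD_RE.match(line)):
            # Drop the "Download File" link text that web extraction glues onto .sdmp names.
            val = re.sub(r"Download File$", "", m.group("val")).strip()
            cur.fields.setdefault(m.group("key"), []).append(val)
    return blocks


# Argument index that carries a millisecond value when it is a literal (example's choice).
TIMEOUT_ARG = {"Sleep": 0, "SendMessageTimeoutW": 5}


def delays_ms(block):
    """Literal millisecond delays/timeouts in a block, e.g. [('Sleep', 500)]."""
    out = []
    for c in block.calls:
        i = TIMEOUT_ARG.get(c.name)
        if i is not None and i < len(c.args) and c.args[i] is not None:
            out.append((c.name, c.args[i]))
    return out


def classify(block):
    """Coarse behaviour tags derived from the API names in a block."""
    names = {c.name for c in block.calls}
    tags = []
    if {"GetClassNameW", "GetWindowTextW"} <= names:
        tags.append("window-inspection")
    if any(n.startswith(("GetMenuItem", "SetMenuItem", "CheckMenu")) for n in names):
        tags.append("menu-manipulation")
    if names & {"_free", "RtlFreeHeap"}:
        tags.append("heap-release")
    if delays_ms(block):
        tags.append("timing")
    return tags


def summarize(text):
    """One row per block: first call site, tags, String ID, API names."""
    rows = []
    for b in parse_listing(text):
        first = f"{b.calls[0].ref:08X}" if b.calls else "????????"
        rows.append((first, classify(b), b.fields.get("String ID", [""])[0],
                     [c.name for c in b.calls]))
    return rows


# Constructed sample: bullets abbreviated and recombined from the blocks on this page.
SAMPLE = """\
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00A84994
• GetWindowTextW.USER32(?,?,00000400), ref: 00A849DA
• _wcslen.LIBCMT ref: 00A849EB
• CharUpperBuffW.USER32(?,00000000), ref: 00A849F7
• _wcsstr.LIBVCRUNTIME ref: 00A84A2C
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00A83797
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
• String ID: ThumbnailClass
• API String ID: 1311036022-1241985126
APIs
  • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
• GetMenuItemID.USER32(?,-00000001), ref: 00A8C082
• Sleep.KERNEL32(000001F4), ref: 00A8BFF3
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A8C10F
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
"""

if __name__ == "__main__":
    for first, tags, sid, names in summarize(SAMPLE):
        print(first, tags, repr(sid), ", ".join(names))
```

Feeding the whole report's function listing through `summarize` gives one row per function, which is enough to sort the hundreds of runtime helpers (heap release, menu handling) away from the few blocks whose strings or tags deserve a closer look in the dump.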
APIs
• GetMenuItemInfoW.USER32(00AF1990,000000FF,00000000,00000030), ref: 00A8BFAC
• SetMenuItemInfoW.USER32(00AF1990,00000004,00000000,00000030), ref: 00A8BFE1
• Sleep.KERNEL32(000001F4), ref: 00A8BFF3
• GetMenuItemCount.USER32(?), ref: 00A8C039
• GetMenuItemID.USER32(?,00000000), ref: 00A8C056
• GetMenuItemID.USER32(?,-00000001), ref: 00A8C082
• GetMenuItemID.USER32(?,?), ref: 00A8C0C9
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A8C10F
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A8C124
• SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A8C145
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountRadioSleep
• String ID: 0
• API String ID: 1460738036-4108050209
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00A8DC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00A8DC46
• _wcslen.LIBCMT ref: 00A8DC50
• _wcsstr.LIBVCRUNTIME ref: 00A8DCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00A8DCBC
Strings
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00AACC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00AACC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00AACD48
  • Part of subcall function 00AACC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00AACCAA
  • Part of subcall function 00AACC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00AACCBD
  • Part of subcall function 00AACC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00AACCCF
  • Part of subcall function 00AACC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00AACD05
  • Part of subcall function 00AACC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00AACD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00AACCF3
Strings
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00A93D40
• _wcslen.LIBCMT ref: 00A93D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00A93D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00A93DBE
• RemoveDirectoryW.KERNEL32(?), ref: 00A93DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00A93E55
• CloseHandle.KERNEL32(00000000), ref: 00A93E60
• CloseHandle.KERNEL32(00000000), ref: 00A93E6B
Strings
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
APIs
• timeGetTime.WINMM ref: 00A8E6B4
  • Part of subcall function 00A3E551: timeGetTime.WINMM(?,?,00A8E6D4), ref: 00A3E555
• Sleep.KERNEL32(0000000A), ref: 00A8E6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00A8E705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00A8E727
• SetActiveWindow.USER32 ref: 00A8E746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00A8E754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00A8E773
• Sleep.KERNEL32(000000FA), ref: 00A8E77E
• IsWindow.USER32 ref: 00A8E78A
• EndDialog.USER32(00000000), ref: 00A8E79B
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                          • String ID: BUTTON
                                                                                                                                                                                                                          • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                          • Opcode ID: ce540c2f1f4eee9f7ab9acbf2a79f632f30765617f90d7b8fcb3e9449fbd8f49
                                                                                                                                                                                                                          • Instruction ID: 805eacb5edff03015e8e348dd20f97ed1df74be393a9351a4b2d888cd18a1f78
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce540c2f1f4eee9f7ab9acbf2a79f632f30765617f90d7b8fcb3e9449fbd8f49
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 072129B1200245EFEB50EFE0EC89F363B69E754B59B101635F515C21B2EAA2AC12DB24
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
                                                                                                                                                                                                                          • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00A8EA5D
                                                                                                                                                                                                                          • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00A8EA73
                                                                                                                                                                                                                          • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00A8EA84
                                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00A8EA96
                                                                                                                                                                                                                          • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00A8EAA7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: SendString$_wcslen
                                                                                                                                                                                                                          • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                          • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                          • Opcode ID: 2c9dab6f2a9bdf1565d1ca74190b6bf5b396d96ee898f8a91d0f1745682d5d00
                                                                                                                                                                                                                          • Instruction ID: 08cfc45e4fccd5ad29b85502a7b9c439fa3fe7b5ca65e1fc130fae36a1440b56
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c9dab6f2a9bdf1565d1ca74190b6bf5b396d96ee898f8a91d0f1745682d5d00
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B11423165026979D724E7A6DD4ADFFAA7CFBD1F80F000C25B411A20D1DA700945C6B0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 00A8A012
                                                                                                                                                                                                                          • SetKeyboardState.USER32(?), ref: 00A8A07D
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00A8A09D
                                                                                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 00A8A0B4
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00A8A0E3
                                                                                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 00A8A0F4
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 00A8A120
                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00A8A12E
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 00A8A157
                                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 00A8A165
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00A8A18E
                                                                                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 00A8A19C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                                                                                          • Opcode ID: bc8d879dabdbf3d1e66fd458a6b974505e95e0028c5e6841dcdbbf0318af8440
                                                                                                                                                                                                                          • Instruction ID: e9320944d6c0f7d34c6193d04682ead5be19bc9d056092abd93e155eb0d35a09
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc8d879dabdbf3d1e66fd458a6b974505e95e0028c5e6841dcdbbf0318af8440
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5751AB3090478829FB35FBA08915BEBBFB55F21340F0C869AD5C6571C3EA54AE4CC762
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000001), ref: 00A85CE2
                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00A85CFB
                                                                                                                                                                                                                          • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00A85D59
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00A85D69
                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00A85D7B
                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00A85DCF
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003E9), ref: 00A85DDD
                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00A85DEF
                                                                                                                                                                                                                          • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00A85E31
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,000003EA), ref: 00A85E44
                                                                                                                                                                                                                          • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00A85E5A
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00A85E67
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3096461208-0
                                                                                                                                                                                                                          • Opcode ID: 1ca6ea0049dd88c3cd4d962f343bf7b4999ab260b8a202c18e33550512ac82b7
                                                                                                                                                                                                                          • Instruction ID: 42a98cfc11ec43b8e9da064eeab2f1d8d4b3576a90130eb1916c4c5cb5609abe
• Opcode Fuzzy Hash: 1ca6ea0049dd88c3cd4d962f343bf7b4999ab260b8a202c18e33550512ac82b7
• Instruction Fuzzy Hash: 62511C70E00609AFDF18DFA8CD99EAEBBB5FB48310F148229F915E6291D7709E05CB50
APIs
  • Part of subcall function 00A38F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00A38BE8,?,00000000,?,?,?,?,00A38BBA,00000000,?), ref: 00A38FC5
• DestroyWindow.USER32(?), ref: 00A38C81
• KillTimer.USER32(00000000,?,?,?,?,00A38BBA,00000000,?), ref: 00A38D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00A76973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00A38BBA,00000000,?), ref: 00A769A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00A38BBA,00000000,?), ref: 00A769B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00A38BBA,00000000), ref: 00A769D4
• DeleteObject.GDI32(00000000), ref: 00A769E6
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: ce58e534cf93deef9826119605c6914946aad13da96e9e0972a3155ea0ef7292
• Instruction ID: 9b91ad15ba6fc9367570bfbaa2f6e5abe59b25668f8ed08b211746eae21e0618
• Opcode Fuzzy Hash: ce58e534cf93deef9826119605c6914946aad13da96e9e0972a3155ea0ef7292
• Instruction Fuzzy Hash: D3617B31502B00DFCB25DFA5DE58B26B7F1FB50352F149518F0469B960CB79AD82CBA0
APIs
  • Part of subcall function 00A39944: GetWindowLongW.USER32(?,000000EB), ref: 00A39952
• GetSysColor.USER32(0000000F), ref: 00A39862
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 7c0f2fca4f9def9336232c8d49ef5b5152b700afd64fdefc1c605d17cf8bf29b
• Instruction ID: 0c88915028beac52d414be5c67db1edacf11d90a033d15544070495157fe618d
• Opcode Fuzzy Hash: 7c0f2fca4f9def9336232c8d49ef5b5152b700afd64fdefc1c605d17cf8bf29b
• Instruction Fuzzy Hash: D5419131104644AFDB209F7CAC84BBB7BA5AB46331F148715F9A6972F2D7B19C42DB10
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00A6F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00A89717
• LoadStringW.USER32(00000000,?,00A6F7F8,00000001), ref: 00A89720
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00A6F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00A89742
• LoadStringW.USER32(00000000,?,00A6F7F8,00000001), ref: 00A89745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00A89866
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: cf64673a73c04d6a8a9bc0733cefd185a4621a06e85435fa8f11ada10a9147c6
• Instruction ID: 28a97b87eee41f637b1fb00e8913b46b69de6e5b51785dab30b2a78c5eb9622a
• Opcode Fuzzy Hash: cf64673a73c04d6a8a9bc0733cefd185a4621a06e85435fa8f11ada10a9147c6
• Instruction Fuzzy Hash: D2412872800229AACF04FBE4EE86EEFB779AF15740F140535F60576092EA356F49CB61
APIs
  • Part of subcall function 00A26B57: _wcslen.LIBCMT ref: 00A26B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00A807A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00A807BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00A807DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00A80804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00A8082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A80837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00A8083C
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: 6c8739f86586ce8986b88d9f4ad441be3051fe1f648db4d2ac113c20c43defaf
• Instruction ID: 170971e68d5de973115a4b448c4452822a3a78142ae217329ae78aa3aa1caf1c
• Opcode Fuzzy Hash: 6c8739f86586ce8986b88d9f4ad441be3051fe1f648db4d2ac113c20c43defaf
• Instruction Fuzzy Hash: 90411772C10229ABCF15EFA8ED85CEEB778BF04750F044529E911A7161EB309E48CBA0
APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00AB403B
• CreateCompatibleDC.GDI32(00000000), ref: 00AB4042
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00AB4055
• SelectObject.GDI32(00000000,00000000), ref: 00AB405D
• GetPixel.GDI32(00000000,00000000,00000000), ref: 00AB4068
• DeleteDC.GDI32(00000000), ref: 00AB4072
• GetWindowLongW.USER32(?,000000EC), ref: 00AB407C
• SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00AB4092
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00AB409E
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
• String ID: static
• API String ID: 2559357485-2160076837
• Opcode ID: 4bfed9444ae11fc657b557193121c038cb217eb0e7ceb18c73cf8a353d9b5e9d
                                                                                                                                                                                                                          • Instruction ID: ace944e7dd38667171fdec83aa9c453cc928ce738327f7a99e34acd39307b7d2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bfed9444ae11fc657b557193121c038cb217eb0e7ceb18c73cf8a353d9b5e9d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81315A32501219BBDF21AFA8DC09FEA3B6CEF0D320F110311FA55A61A2C779D851DBA4
APIs
• VariantInit.OLEAUT32(?), ref: 00AA3C5C
• CoInitialize.OLE32(00000000), ref: 00AA3C8A
• CoUninitialize.OLE32 ref: 00AA3C94
• _wcslen.LIBCMT ref: 00AA3D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00AA3DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00AA3ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00AA3F0E
• CoGetObject.OLE32(?,00000000,00ABFB98,?), ref: 00AA3F2D
• SetErrorMode.KERNEL32(00000000), ref: 00AA3F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00AA3FC4
• VariantClear.OLEAUT32(?), ref: 00AA3FD8
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: d5f88a76917715b2f5672ead042cf1949baa0f372c41f0126efe9438467e8809
• Instruction ID: 5df5eca81ab3125cbf7d4250b232647ba42c7e519d523acc0925ac5e62f157e0
• Opcode Fuzzy Hash: d5f88a76917715b2f5672ead042cf1949baa0f372c41f0126efe9438467e8809
• Instruction Fuzzy Hash: 0CC146726083019FDB00DF68C98492BB7E9FF8A754F14491DF98A9B261D731EE05CB52
APIs
• CoInitialize.OLE32(00000000), ref: 00A97AF3
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00A97B8F
• SHGetDesktopFolder.SHELL32(?), ref: 00A97BA3
• CoCreateInstance.OLE32(00ABFD08,00000000,00000001,00AE6E6C,?), ref: 00A97BEF
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00A97C74
• CoTaskMemFree.OLE32(?,?), ref: 00A97CCC
• SHBrowseForFolderW.SHELL32(?), ref: 00A97D57
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00A97D7A
• CoTaskMemFree.OLE32(00000000), ref: 00A97D81
• CoTaskMemFree.OLE32(00000000), ref: 00A97DD6
• CoUninitialize.OLE32 ref: 00A97DDC
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
• String ID:
• API String ID: 2762341140-0
• Opcode ID: d917b17e00f3cc2b7295a646f0d2067826227f23f87aa830ced36d5fea68db37
• Instruction ID: ccf002ccb4288397edfdf76536e282eb16db11e33c0f9c0c8ac05c8c406fa94e
• Opcode Fuzzy Hash: d917b17e00f3cc2b7295a646f0d2067826227f23f87aa830ced36d5fea68db37
• Instruction Fuzzy Hash: 98C11D75A04115AFCB14DFA8C884DAEBBF5FF48314B1485A9F4169B262D730EE45CBA0
APIs
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00AB5504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AB5515
• CharNextW.USER32(00000158), ref: 00AB5544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00AB5585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00AB559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AB55AC
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: e8829ed80815a0280812cc4cf9121214e5fef67f6c99f2e9b0b24bcd67620c15
• Instruction ID: 14234071087ffba5d726f7d9dfa3aa52645900b0c16e2d0ea84fcc5b3f9f12a3
• Opcode Fuzzy Hash: e8829ed80815a0280812cc4cf9121214e5fef67f6c99f2e9b0b24bcd67620c15
• Instruction Fuzzy Hash: E4615C31D04608AFDB20DFA4CC85EFE7BBDEB09725F108145F525AA2A2D7749A81DB60
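The API listings above print raw stack slots next to each call site, which hides what the calls actually do: the SetErrorMode / CoGetInstanceFromFile block is a COM moniker lookup with a specific CLSCTX and STGM mode, and the SendMessageW block is a series of control messages whose numeric IDs only mean something once named. The following parser is an added example written for this page; it is not code from Joe Sandbox or from the analysed sample. It reads lines in the listing's own "• Func.MODULE(args), ref: ADDR" format (the sample input below is copied from the listings above) and names the constants in the first real parameters. Two things are assumptions, not facts the report states: that the SendMessageW targets are ComboBox controls (the CB_* table), and that stack slots beyond an API's declared parameter count, such as the 00000029 after SetErrorMode's single UINT, are leftovers rather than arguments.

```python
import re
from typing import Optional

# Constructed sample: API lines copied from the function listings above.
# "?" marks a stack slot the sandbox could not resolve statically.
SAMPLE = """\
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00AA3ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00AA3F0E
• CoUninitialize.OLE32 ref: 00AA3C94
• SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00AB5504
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AB5515
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00AB5585
"""

LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?P<func>\w+)\.(?P<mod>\w+)"  # Function.MODULE
    r"(?:\((?P<args>[^)]*)\))?,?\s*"              # optional (slot,slot,...)
    r"ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"           # call-site address
)

# ComboBox messages from winuser.h. The listing never names the target window
# class, so treating the HWND as a ComboBox is an assumption of this example.
CB_MESSAGES = {
    0x0146: "CB_GETCOUNT", 0x0147: "CB_GETCURSEL", 0x0148: "CB_GETLBTEXT",
    0x014A: "CB_INSERTSTRING", 0x014B: "CB_RESETCONTENT", 0x014C: "CB_FINDSTRING",
    0x014D: "CB_SELECTSTRING", 0x014E: "CB_SETCURSEL", 0x0158: "CB_FINDSTRINGEXACT",
}
SEM_FLAGS = {0x0001: "SEM_FAILCRITICALERRORS", 0x0002: "SEM_NOGPFAULTERRORBOX",
             0x0004: "SEM_NOALIGNMENTFAULTEXCEPT", 0x8000: "SEM_NOOPENFILEERRORBOX"}
CLSCTX_FLAGS = {0x1: "CLSCTX_INPROC_SERVER", 0x2: "CLSCTX_INPROC_HANDLER",
                0x4: "CLSCTX_LOCAL_SERVER", 0x10: "CLSCTX_REMOTE_SERVER"}
STGM_ACCESS = {0: "STGM_READ", 1: "STGM_WRITE", 2: "STGM_READWRITE"}


def parse_api_line(line: str) -> Optional[dict]:
    """Turn one '• Func.MODULE(args), ref: ADDR' line into a record, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [a.strip() for a in raw.split(",")] if raw else []
    return {"func": m.group("func"), "module": m.group("mod"),
            "args": args, "ref": m.group("ref").upper()}


def _hex(arg: str) -> Optional[int]:
    """Resolve a printed stack slot to an int; '?' (unresolved) becomes None."""
    return None if arg == "?" else int(arg, 16)


def _flags(value: int, table: dict) -> str:
    """Render a bitmask as NAME|NAME, keeping any bits the table does not know."""
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(f"0x{rest:X}")
    return "|".join(names) or "0"


def decode(rec: dict) -> str:
    """Name the constants in the declared parameters of a few known APIs.
    Only slots within the API's real parameter count are read; trailing slots
    are assumed to be leftover stack contents and are ignored."""
    f, a = rec["func"], rec["args"]
    if f == "SendMessageW" and len(a) >= 2 and _hex(a[1]) is not None:
        msg = _hex(a[1])
        return CB_MESSAGES.get(msg, f"msg 0x{msg:04X}")
    if f == "SetErrorMode" and a and _hex(a[0]) is not None:
        return _flags(_hex(a[0]), SEM_FLAGS)
    if f == "CoGetInstanceFromFile" and len(a) >= 5:
        ctx, mode = _hex(a[3]), _hex(a[4])           # dwClsCtx, grfMode
        if ctx is not None and mode is not None:
            return (f"dwClsCtx={_flags(ctx, CLSCTX_FLAGS)} "
                    f"grfMode={STGM_ACCESS.get(mode & 3, 'STGM_?')}")
    if f == "CoCreateInstance" and len(a) >= 3 and _hex(a[2]) is not None:
        return f"dwClsContext={_flags(_hex(a[2]), CLSCTX_FLAGS)}"
    return ""


def summarize(text: str) -> list:
    """Parse every API line in `text` into 'ADDR Func decoded' rows."""
    rows = []
    for line in text.splitlines():
        rec = parse_api_line(line)
        if rec:
            rows.append(f"{rec['ref']} {rec['func']} {decode(rec)}".rstrip())
    return rows


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

Run over the sample, the output names SetErrorMode(1) as SEM_FAILCRITICALERRORS, the CoGetInstanceFromFile call as dwClsCtx=CLSCTX_INPROC_SERVER|CLSCTX_LOCAL_SERVER|CLSCTX_REMOTE_SERVER with grfMode=STGM_READWRITE, and the three SendMessageW calls as CB_FINDSTRINGEXACT, CB_SETCURSEL and CB_RESETCONTENT. When applying the same decoding to other functions in the report, check the API's documented parameter count first; every slot the sandbox prints past that count is stack noise, not an argument.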
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00A7FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 00A7FB08
• VariantInit.OLEAUT32(?), ref: 00A7FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 00A7FB3A
• VariantCopy.OLEAUT32(?,?), ref: 00A7FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 00A7FBA1
• VariantClear.OLEAUT32(?), ref: 00A7FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 00A7FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A7FBCC
• VariantClear.OLEAUT32(?), ref: 00A7FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00A7FBE9
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 5fac28a2c965225dfd1027358c8fe8c865261af3a4e5624f00fbb2b9ec163744
• Instruction ID: 67d5305d49504efd080a9449a23d760a007e2918188f0fe0b071c5668b8d4e3d
• Opcode Fuzzy Hash: 5fac28a2c965225dfd1027358c8fe8c865261af3a4e5624f00fbb2b9ec163744
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C414435A00219DFCB04DFA8DC58DADBBB9EF48354F00C565E955A7261C730AA46CFA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetKeyboardState.USER32(?), ref: 00A89CA1
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A0), ref: 00A89D22
                                                                                                                                                                                                                          • GetKeyState.USER32(000000A0), ref: 00A89D3D
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(000000A1), ref: 00A89D57
                                                                                                                                                                                                                          • GetKeyState.USER32(000000A1), ref: 00A89D6C
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000011), ref: 00A89D84
                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00A89D96
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(00000012), ref: 00A89DAE
                                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 00A89DC0
                                                                                                                                                                                                                          • GetAsyncKeyState.USER32(0000005B), ref: 00A89DD8
                                                                                                                                                                                                                          • GetKeyState.USER32(0000005B), ref: 00A89DEA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: State$Async$Keyboard
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 541375521-0
                                                                                                                                                                                                                          • Opcode ID: 6122e50f2ffd13b0fd29c66173fea52150e5380a6608b4098efa76d16e6f0992
                                                                                                                                                                                                                          • Instruction ID: 5c4cb68337d7c667de12e88239865efd0411075f06daa3317e71c9a52f61371e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6122e50f2ffd13b0fd29c66173fea52150e5380a6608b4098efa76d16e6f0992
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C41D874A047C96DFF31A760C8047B7BEE06F11344F0C815ADAC6565C2DBA599C8C7A6
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WSAStartup.WSOCK32(00000101,?), ref: 00AA05BC
                                                                                                                                                                                                                          • inet_addr.WSOCK32(?), ref: 00AA061C
                                                                                                                                                                                                                          • gethostbyname.WSOCK32(?), ref: 00AA0628
                                                                                                                                                                                                                          • IcmpCreateFile.IPHLPAPI ref: 00AA0636
                                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00AA06C6
                                                                                                                                                                                                                          • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00AA06E5
                                                                                                                                                                                                                          • IcmpCloseHandle.IPHLPAPI(?), ref: 00AA07B9
                                                                                                                                                                                                                          • WSACleanup.WSOCK32 ref: 00AA07BF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                          • String ID: Ping
                                                                                                                                                                                                                          • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                          • Opcode ID: cfaf06697f18846881908e2efb26916321b2cf98df28ce4d6d9d5a6e531e9d37
                                                                                                                                                                                                                          • Instruction ID: 6dca6b1362b08a33271297369aeeb41823c96cac17afea5be8faa234392a8c06
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cfaf06697f18846881908e2efb26916321b2cf98df28ce4d6d9d5a6e531e9d37
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E891AF35A046019FD320CF19D588F1ABBE0AF4A318F1485A9F46A9B7A2C770FD45CF91
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                          • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                          • API String ID: 707087890-567219261
                                                                                                                                                                                                                          • Opcode ID: 9550327cb4d0b72b8a987b5d855fa57ee88639e992d8b7a3b476db56688d20a4
                                                                                                                                                                                                                          • Instruction ID: 35fc12bb5e5212ee9a5b3c6b8c618ea9793bfcebf74e6ce37c495ff55fbb3392
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9550327cb4d0b72b8a987b5d855fa57ee88639e992d8b7a3b476db56688d20a4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B51A231A00126DBCF24DF6CC9509BEB7A5BF66724B244229E826E72C5EF39DD41C790
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CoInitialize.OLE32 ref: 00AA3774
                                                                                                                                                                                                                          • CoUninitialize.OLE32 ref: 00AA377F
                                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000017,00ABFB78,?), ref: 00AA37D9
                                                                                                                                                                                                                          • IIDFromString.OLE32(?,?), ref: 00AA384C
                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 00AA38E4
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00AA3936
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                          • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                          • API String ID: 636576611-1287834457
                                                                                                                                                                                                                          • Opcode ID: 9d5d79cbafcd08c74e44d94b149ceff0a229a5f8038bda4883146e59bae35746
                                                                                                                                                                                                                          • Instruction ID: 049a218fb68ba0e4c68c3a6fe98ca17dfec7530fa930f3711a7f004f722419f6
• Opcode Fuzzy Hash: 9d5d79cbafcd08c74e44d94b149ceff0a229a5f8038bda4883146e59bae35746
• Instruction Fuzzy Hash: 3561C072608311AFD710DF54D948F6AB7E8EF4A710F100919F9859B291D774EE48CB92
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00A933CF
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00A933F0
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: f2d174140341999aa570185a4ee8142a2975d19fbf57ea2781dd2c86201598eb
• Instruction ID: 47019a4800ef9e7f893e33fb014c822e04dce777684086bd48a2462af1709250
• Opcode Fuzzy Hash: f2d174140341999aa570185a4ee8142a2975d19fbf57ea2781dd2c86201598eb
• Instruction Fuzzy Hash: 4051AA72900219BACF14EBE4EE46EEEB7B8AF18740F144575F005760A2EB312F58DB61
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: f5be47d9f3de302247dbe379982f0665fcf5711f3b4b59a444f3f2afc0ff8f26
• Instruction ID: 8dadffe2b7e36af769f4ad672573f3929106f479d9eb52842ce99be47c48b106
• Opcode Fuzzy Hash: f5be47d9f3de302247dbe379982f0665fcf5711f3b4b59a444f3f2afc0ff8f26
• Instruction Fuzzy Hash: A941D532A111279BCB207F7D89905BE77B5BFA47A4B244639E461DB284F731CD82C7A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00A953A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00A95416
• GetLastError.KERNEL32 ref: 00A95420
• SetErrorMode.KERNEL32(00000000,READY), ref: 00A954A7
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: c6b49cc582ee2817c0d38709bb1fe7c9988a77f6f52b0c332f1a8b2e2039fa13
• Instruction ID: c039077d34d431da03517bfdc976f019cf9f1007746814c0cb4120d9921d1da1
• Opcode Fuzzy Hash: c6b49cc582ee2817c0d38709bb1fe7c9988a77f6f52b0c332f1a8b2e2039fa13
• Instruction Fuzzy Hash: BF319F39F006049FDB52DF68C986AAABBF5EF84305F148065E405DB2A2D731DD82CB90
APIs
• CreateMenu.USER32 ref: 00AB3C79
• SetMenu.USER32(?,00000000), ref: 00AB3C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AB3D10
• IsMenu.USER32(?), ref: 00AB3D24
• CreatePopupMenu.USER32 ref: 00AB3D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AB3D5B
• DrawMenuBar.USER32 ref: 00AB3D63
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: 0912c3c4e3ec1ba60e1aef1ff2e0edd42f4dde701148d4bb6b82065a79101c99
• Instruction ID: 714e4087b6894403f671af078df2e4817ca9ec335a6543499a562464c99ccda8
• Opcode Fuzzy Hash: 0912c3c4e3ec1ba60e1aef1ff2e0edd42f4dde701148d4bb6b82065a79101c99
• Instruction Fuzzy Hash: DA416C75A01209EFDF24CFA4D884EEA7BB9FF49350F140529F94697362D770AA11CB90
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00A83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A83CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00A81F64
• GetDlgCtrlID.USER32 ref: 00A81F6F
• GetParent.USER32 ref: 00A81F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00A81F8E
• GetDlgCtrlID.USER32(?), ref: 00A81F97
• GetParent.USER32(?), ref: 00A81FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00A81FAE
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: abf00c7e52552fe9f525c05803abca83a8881de93793f15c1df91cb20c620e97
• Instruction ID: 6743cae5ee01b72e6b59f9a5a0962f6fb5836f64f04c43df36a31601c228ca13
• Opcode Fuzzy Hash: abf00c7e52552fe9f525c05803abca83a8881de93793f15c1df91cb20c620e97
• Instruction Fuzzy Hash: 9521C275D00214BBCF04EFA4DC95DEEBBB8EF09310F000216FA61672A1DB785909DB60
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00A83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A83CCA
• SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00A82043
• GetDlgCtrlID.USER32 ref: 00A8204E
• GetParent.USER32 ref: 00A8206A
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00A8206D
• GetDlgCtrlID.USER32(?), ref: 00A82076
• GetParent.USER32(?), ref: 00A8208A
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,00000111,?), ref: 00A8208D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                          • API String ID: 711023334-1403004172
                                                                                                                                                                                                                          • Opcode ID: 63858dec7d9a9d2796e6650b5f751a73e532b860ad43437f2f7c845d15fc336a
                                                                                                                                                                                                                          • Instruction ID: 00624dec85ef4fad30e552bde7b2a812a2d4452b9e2a4da6f128ca7b5d9fdb79
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63858dec7d9a9d2796e6650b5f751a73e532b860ad43437f2f7c845d15fc336a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F21CFB5D00218BBCF10EFA4DC95EFEBBB8AF09310F004416B951A71A2DA794919DB60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00AB3A9D
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00AB3AA0
                                                                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00AB3AC7
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00AB3AEA
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00AB3B62
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00AB3BAC
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00AB3BC7
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00AB3BE2
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00AB3BF6
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00AB3C13
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$LongWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 312131281-0
                                                                                                                                                                                                                          • Opcode ID: 320b547fe23e0bedb70748f7fe57964e9b151222d8ce2bbcd17821ebbc4ad15e
                                                                                                                                                                                                                          • Instruction ID: 651c5b29361c4049467a2515cd24ad907a66d7ea183e7fbd938bac5ab2d0c0fe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 320b547fe23e0bedb70748f7fe57964e9b151222d8ce2bbcd17821ebbc4ad15e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE618B75900248AFDB10DFA8CD81EEE77B8EF09700F100199FA15E72A2C7B4AE46DB50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00A8B151
                                                                                                                                                                                                                          • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00A8A1E1,?,00000001), ref: 00A8B165
                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(00000000), ref: 00A8B16C
                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A8A1E1,?,00000001), ref: 00A8B17B
                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,00000000), ref: 00A8B18D
                                                                                                                                                                                                                          • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00A8A1E1,?,00000001), ref: 00A8B1A6
                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00A8A1E1,?,00000001), ref: 00A8B1B8
                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00A8A1E1,?,00000001), ref: 00A8B1FD
                                                                                                                                                                                                                          • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00A8A1E1,?,00000001), ref: 00A8B212
                                                                                                                                                                                                                          • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00A8A1E1,?,00000001), ref: 00A8B21D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2156557900-0
                                                                                                                                                                                                                          • Opcode ID: f8839eaf368b547b8dcd773dd83f2711cf48cfac9a6a4c859cf61e54577c9335
                                                                                                                                                                                                                          • Instruction ID: 06cf3cf781b6586d2fcebb023c7c6596b38008a984f2bac066d109ee02cacd9f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8839eaf368b547b8dcd773dd83f2711cf48cfac9a6a4c859cf61e54577c9335
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0318EB2510214AFDB10EFE4DC58FBD7BA9BB51321F104116FA06D61A1EBB4AA42CF74
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52C94
                                                                                                                                                                                                                            • Part of subcall function 00A529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000), ref: 00A529DE
                                                                                                                                                                                                                            • Part of subcall function 00A529C8: GetLastError.KERNEL32(00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000,00000000), ref: 00A529F0
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52CA0
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52CAB
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52CB6
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52CC1
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52CCC
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52CD7
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52CE2
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52CED
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52CFB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 7ae5672dc7f13af31cd2267a9d39bb5143e275cf0f37cd2b3e65cfd481077f80
• Instruction ID: 31464829559725c07f0e0382298f2c5198229a0da033ae746ff132e279ac2185
• Opcode Fuzzy Hash: 7ae5672dc7f13af31cd2267a9d39bb5143e275cf0f37cd2b3e65cfd481077f80
• Instruction Fuzzy Hash: 98119376100108EFCB02EF54DA82EDD3BA5FF46351F5144A5FE48AB322DA31EE549B90
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00A97FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A97FC1
• GetFileAttributesW.KERNEL32(?), ref: 00A97FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 00A98005
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A98017
• SetCurrentDirectoryW.KERNEL32(?), ref: 00A98060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00A980B0
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: fc88a543ae274acdeab772513f1cd0438d60008a2f60cb13b1b533d7675746e6
• Instruction ID: 36bd9889bfdf1733b550a9ee27819d58b176a64ce8e0c8922955f4205d4a8733
• Opcode Fuzzy Hash: fc88a543ae274acdeab772513f1cd0438d60008a2f60cb13b1b533d7675746e6
• Instruction Fuzzy Hash: BD81A0726182019BCF24EF18C9449AEB3E8BF89710F544C6EF885D7251EB34DD45CBA2
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00A25C7A
  • Part of subcall function 00A25D0A: GetClientRect.USER32(?,?), ref: 00A25D30
  • Part of subcall function 00A25D0A: GetWindowRect.USER32(?,?), ref: 00A25D71
  • Part of subcall function 00A25D0A: ScreenToClient.USER32(?,?), ref: 00A25D99
• GetDC.USER32 ref: 00A646F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00A64708
• SelectObject.GDI32(00000000,00000000), ref: 00A64716
• SelectObject.GDI32(00000000,00000000), ref: 00A6472B
• ReleaseDC.USER32(?,00000000), ref: 00A64733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00A647C4
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: f3e11da1007a03530b67737d70593810b06062b7b309188589b776e3bd52ef9f
• Instruction ID: f31063bc08eff80d6a58bfcabf52d8cfb3ddabd55618dae0a1ea551c889579e7
• Opcode Fuzzy Hash: f3e11da1007a03530b67737d70593810b06062b7b309188589b776e3bd52ef9f
• Instruction Fuzzy Hash: CC71CF35900205DFCF21CFA8C984AFA7BB5FF4A360F144269ED555A2A6D7319C41DF60
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00A935E4
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
• LoadStringW.USER32(00AF2390,?,00000FFF,?), ref: 00A9360A
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: f80a289dbe5adb5938d85851b739be9848a809d85b3155d717185784435a8d76
• Instruction ID: c91bdb5d5523a3cb7ae476e7778ad2491d618346db91cae949b7577b1c79e022
• Opcode Fuzzy Hash: f80a289dbe5adb5938d85851b739be9848a809d85b3155d717185784435a8d76
• Instruction Fuzzy Hash: 94517C72D0021ABACF14EBE4EE42EEEBB78AF14740F044525F105760A2EB301B99DF61
APIs
  • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
  • Part of subcall function 00A3912D: GetCursorPos.USER32(?), ref: 00A39141
  • Part of subcall function 00A3912D: ScreenToClient.USER32(00000000,?), ref: 00A3915E
  • Part of subcall function 00A3912D: GetAsyncKeyState.USER32(00000001), ref: 00A39183
  • Part of subcall function 00A3912D: GetAsyncKeyState.USER32(00000002), ref: 00A3919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00AB8B6B
• ImageList_EndDrag.COMCTL32 ref: 00AB8B71
• ReleaseCapture.USER32 ref: 00AB8B77
• SetWindowTextW.USER32(?,00000000), ref: 00AB8C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00AB8C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00AB8CFF
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                                                                          • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                                                                          • API String ID: 1924731296-2107944366
                                                                                                                                                                                                                          • Opcode ID: 2810f47baec73ce13a1604904abc173db5fb7b5866c0ad5a66ff43a4f274326f
                                                                                                                                                                                                                          • Instruction ID: 221511cc4f2b124e94da3962bfe66d1070529aa0b7a3b2154fc6cb2a4b934ced
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2810f47baec73ce13a1604904abc173db5fb7b5866c0ad5a66ff43a4f274326f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60518C71104304AFD704DF68DD96FAA7BE8FB88710F40062DF952972E2CB75A905CBA2
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A9C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00A9C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00A9C2CA
• GetLastError.KERNEL32 ref: 00A9C322
• SetEvent.KERNEL32(?), ref: 00A9C336
• InternetCloseHandle.WININET(00000000), ref: 00A9C341
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 83ca42c640fc9c7f161c932b76231af724b903ca3964ede87f46153f749a8093
• Instruction ID: a4791cd7cecc9ccfe22f4eec014e1fa0f53f8b7bc66874c27937406580ec5765
• Opcode Fuzzy Hash: 83ca42c640fc9c7f161c932b76231af724b903ca3964ede87f46153f749a8093
• Instruction Fuzzy Hash: 35319CB1600B08AFDB21DFA48D88EABBBFCEB49760B10851EF44697211DB30DD459B60
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00A63AAF,?,?,Bad directive syntax error,00ABCC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00A898BC
• LoadStringW.USER32(00000000,?,00A63AAF,?), ref: 00A898C3
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00A89987
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
• Opcode ID: f22c6a058e19cfa71adf9bf0708220fd011c465c34c6e9ddb949320e7f4faa53
• Instruction ID: a7942e3692021dc5416cc68fc562e74505a208bb53d5a45af778cf132ac5b776
• Opcode Fuzzy Hash: f22c6a058e19cfa71adf9bf0708220fd011c465c34c6e9ddb949320e7f4faa53
• Instruction Fuzzy Hash: 9A217C32C0021ABFCF11EF90DD06EEE7739BF28700F084829F515660A2EB719A18DB21
APIs
• GetParent.USER32 ref: 00A820AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 00A820C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00A8214D
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
• Opcode ID: 28e5419e8aa04adac152b9baa3899f43d6a5518e8052f706487723c0c2d6d1fe
• Instruction ID: a0efffdfd5dcc8fb01f23366666754af8ba9fb7a5992e25735d4503a1df3df9d
• Opcode Fuzzy Hash: 28e5419e8aa04adac152b9baa3899f43d6a5518e8052f706487723c0c2d6d1fe
• Instruction Fuzzy Hash: 3311CA7AA84706B9F6017731EC0AEB6379CEB09764B301226F704A51E2FEA558425714
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2d63ea9d31443dffea450494b61deaed0d0604d49c18eaad058e705c23b36ef2
• Instruction ID: 69d1f250121386dd8f12311081cae10b1130737bf8f8fd471c33807d67cd4567
• Opcode Fuzzy Hash: 2d63ea9d31443dffea450494b61deaed0d0604d49c18eaad058e705c23b36ef2
• Instruction Fuzzy Hash: ACC1DE74A04249EFDF11DFE8C845BAEBBB0BF49312F044199FC15AB292C774994ACB61
APIs
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
• Opcode ID: f0e5eee40f872fd633052dd11acbe69cff8770701f8a5532bf4fdba464f5e07a
• Instruction ID: d1e2fe31986b51c323a98ba8fbbcc5b0fff4c601e25936a66b61931d0daa973d
• Opcode Fuzzy Hash: f0e5eee40f872fd633052dd11acbe69cff8770701f8a5532bf4fdba464f5e07a
• Instruction Fuzzy Hash: 17610071A04300AFDB21AFF4D981BAE7BA5BF06322F04416DFD45A7286E631990DC7A0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00AB5186
• ShowWindow.USER32(?,00000000), ref: 00AB51C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 00AB51CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 00AB51D1
  • Part of subcall function 00AB6FBA: DeleteObject.GDI32(00000000), ref: 00AB6FE6
• GetWindowLongW.USER32(?,000000F0), ref: 00AB520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AB521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00AB524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00AB5287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00AB5296
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3210457359-0
                                                                                                                                                                                                                          • Opcode ID: f9420ecd1d3e5388e9dc7ad99e994e5de9aadda1c8b36bf1868a3f49c96e59f9
                                                                                                                                                                                                                          • Instruction ID: 6482eb310a09ab88532764cdbc1e9ebd3cfb8722b8e97c0fac1b89b2eacfa029
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9420ecd1d3e5388e9dc7ad99e994e5de9aadda1c8b36bf1868a3f49c96e59f9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3519330E42A08BFEF24AF78EC46FD97B69FB05321F144212F515962E2C7B59990DB40
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00A76890
                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00A768A9
                                                                                                                                                                                                                          • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00A768B9
                                                                                                                                                                                                                          • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00A768D1
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00A768F2
                                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A38874,00000000,00000000,00000000,000000FF,00000000), ref: 00A76901
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00A7691E
                                                                                                                                                                                                                          • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00A38874,00000000,00000000,00000000,000000FF,00000000), ref: 00A7692D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1268354404-0
                                                                                                                                                                                                                          • Opcode ID: 960a8b237d07faee86cfe7abc82b0cfc6cf2e79a23c4547e80557d81f65b7941
                                                                                                                                                                                                                          • Instruction ID: 3be291b98daa30128eae292e457953e1c3bff355482c5ce9f04a88e682e08b51
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 960a8b237d07faee86cfe7abc82b0cfc6cf2e79a23c4547e80557d81f65b7941
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A518B7060070AEFDB20CF64CC95FAABBB5EB48760F108618F956972A0DB74E951DB50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A9C182
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00A9C195
                                                                                                                                                                                                                          • SetEvent.KERNEL32(?), ref: 00A9C1A9
                                                                                                                                                                                                                            • Part of subcall function 00A9C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A9C272
                                                                                                                                                                                                                            • Part of subcall function 00A9C253: GetLastError.KERNEL32 ref: 00A9C322
                                                                                                                                                                                                                            • Part of subcall function 00A9C253: SetEvent.KERNEL32(?), ref: 00A9C336
                                                                                                                                                                                                                            • Part of subcall function 00A9C253: InternetCloseHandle.WININET(00000000), ref: 00A9C341
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 337547030-0
                                                                                                                                                                                                                          • Opcode ID: 8ec65db7bd675e1d9a906cc4772251975d1a12c07bf6e20229b328970fb087d0
                                                                                                                                                                                                                          • Instruction ID: 79b896b518e00906df49f2961c5114dbb907bfd6509d00bee6c93953ecb8486c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ec65db7bd675e1d9a906cc4772251975d1a12c07bf6e20229b328970fb087d0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20318D71300B01AFDF21AFE5DD44AA6BBF8FF58720B10461DF95686622DB31E815DBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A83A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A83A57
                                                                                                                                                                                                                            • Part of subcall function 00A83A3D: GetCurrentThreadId.KERNEL32 ref: 00A83A5E
                                                                                                                                                                                                                            • Part of subcall function 00A83A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A825B3), ref: 00A83A65
                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A825BD
                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00A825DB
                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00A825DF
                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A825E9
                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00A82601
                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00A82605
                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000025,00000000), ref: 00A8260F
                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00A82623
                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00A82627
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2014098862-0
                                                                                                                                                                                                                          • Opcode ID: 7bd45cc3fc1f171edb8232b088416155eba07e73b24b9d2aa93b4f4fbe2e8e26
                                                                                                                                                                                                                          • Instruction ID: 946c26ba75a06c52c9bf55e022e5ddf2cc988262c7c557034c843dae8f4513fc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7bd45cc3fc1f171edb8232b088416155eba07e73b24b9d2aa93b4f4fbe2e8e26
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5501D871390220BBFB10B7A89C8AF597F59DB4EB61F100112F354AE0E2C9F214458B69
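The listings above are raw sandbox output: each line is one call site with the argument values the sandbox recovered, and the reader has to decode the constants by hand to see that the PostMessageW chain is the "simulate keystroke presses" behaviour from the Signatures section (0x100 is WM_KEYDOWN, 0x101 is WM_KEYUP, 0x25 and 0x27 are VK_LEFT and VK_RIGHT; 0x80 in the icon listing is WM_SETICON). The following is an added example written by the editor, not Joe Sandbox code and not part of the analysed sample: a small Python triage script that parses lines in this listing format, decodes those constants, and labels a function when a known API chain is present. The capability rules are the editor's own heuristics, and SAMPLE_LISTING is constructed from lines quoted in this section.

```python
"""Triage helper for Joe Sandbox "APIs" listings (editor's example, not report code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: three function blocks, lines copied from the listings in this section.
SAMPLE_LISTING = """
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00A9C182
• GetLastError.KERNEL32 ref: 00A9C195
• SetEvent.KERNEL32(?), ref: 00A9C1A9
  • Part of subcall function 00A9C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00A9C272
  • Part of subcall function 00A9C253: InternetCloseHandle.WININET(00000000), ref: 00A9C341
APIs
  • Part of subcall function 00A83A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A825B3), ref: 00A83A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00A825BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00A825DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00A825DF
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00A82623
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00A81449,?,?,00000000), ref: 00A8180C
• HeapAlloc.KERNEL32(00000000,?,00A81449,?,?,00000000), ref: 00A81813
• DuplicateHandle.KERNEL32(00000000,?,00A81449,?,?,00000000), ref: 00A81833
• CreateThread.KERNEL32(00000000,00000000,00A81874,00000000,00000000,00000000), ref: 00A81868
"""

# One API line: optional "Part of subcall function X:" prefix, Api.MODULE(args), ref: call-site address.
_API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Constants that appear as genuine parameters of PostMessageW/SendMessageW
# (Msg is the 2nd argument, wParam the 3rd).
WINDOW_MESSAGES = {0x0080: "WM_SETICON", 0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP"}
VIRTUAL_KEYS = {0x25: "VK_LEFT", 0x27: "VK_RIGHT"}
MESSAGE_APIS = {"PostMessageW", "SendMessageW"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                      # raw strings; "?" where the sandbox recovered no value
    ref: str
    subcall_of: Optional[str] = None
    decoded: dict = field(default_factory=dict)


def _hex(value: str) -> Optional[int]:
    try:
        return int(value, 16)
    except ValueError:
        return None


def parse_call(line: str) -> Optional[ApiCall]:
    m = _API_LINE.match(line)
    if not m:
        return None
    args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
    call = ApiCall(m["api"], m["mod"], args, m["ref"], m["sub"])
    # Decode only positions that are real parameters: the listing prints a fixed
    # stack window, so Sleep(...) shows five values although Sleep takes one.
    if call.api in MESSAGE_APIS and len(args) >= 3:
        msg = _hex(args[1])
        if msg in WINDOW_MESSAGES:
            call.decoded["Msg"] = WINDOW_MESSAGES[msg]
            vk = _hex(args[2])
            if msg in (0x0100, 0x0101) and vk is not None:
                call.decoded["wParam"] = VIRTUAL_KEYS.get(vk, f"VK 0x{vk:02X}")
    return call


def parse_listing(text: str) -> list:
    """Split the listing into functions (one per 'APIs' heading) and parse their calls."""
    functions, current = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            functions.append(current)
        elif current is not None:
            call = parse_call(line)
            if call:
                current.append(call)
    return functions


def classify(calls: list) -> list:
    """Editor's heuristic rules: a chain of APIs, not a single call, earns a label."""
    names = {c.api for c in calls}
    key_msgs = {c.decoded.get("Msg") for c in calls} & {"WM_KEYDOWN", "WM_KEYUP"}
    labels = []
    if "AttachThreadInput" in names and key_msgs:
        labels.append("keystroke injection into another thread's window")
    if names & {"InternetConnectW", "InternetOpenUrlW", "InternetOpenW", "InternetReadFile"}:
        labels.append("WinINet network access")
    if {"DuplicateHandle", "CreateThread"} <= names:
        labels.append("thread start with duplicated handles")
    return labels


def triage(text: str) -> list:
    """Return (first call-site address, API names, capability labels) per function."""
    return [(calls[0].ref if calls else "?", [c.api for c in calls], classify(calls))
            for calls in parse_listing(text)]


if __name__ == "__main__":
    for ref, apis, labels in triage(SAMPLE_LISTING):
        print(f"function near {ref}: {', '.join(apis)}\n  -> {labels or ['no rule matched']}")
```

The rules deliberately require a chain: MapVirtualKeyW or PostMessageW on its own is ordinary GUI code, but AttachThreadInput followed by WM_KEYDOWN/WM_KEYUP posts into a foreign window is the pattern worth a second look. New rules can be added to classify without touching the parser.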
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00A81449,?,?,00000000), ref: 00A8180C
• HeapAlloc.KERNEL32(00000000,?,00A81449,?,?,00000000), ref: 00A81813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A81449,?,?,00000000), ref: 00A81828
• GetCurrentProcess.KERNEL32(?,00000000,?,00A81449,?,?,00000000), ref: 00A81830
• DuplicateHandle.KERNEL32(00000000,?,00A81449,?,?,00000000), ref: 00A81833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00A81449,?,?,00000000), ref: 00A81843
• GetCurrentProcess.KERNEL32(00A81449,00000000,?,00A81449,?,?,00000000), ref: 00A8184B
• DuplicateHandle.KERNEL32(00000000,?,00A81449,?,?,00000000), ref: 00A8184E
• CreateThread.KERNEL32(00000000,00000000,00A81874,00000000,00000000,00000000), ref: 00A81868
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1957940570-0
                                                                                                                                                                                                                          • Opcode ID: 2199e68d5a90c6a5093460ec2c58a2db073f422ff1f6811278964fdbe124f763
                                                                                                                                                                                                                          • Instruction ID: e6e790d679e38ff9ad7566ecd3dfaf58a317e4f0c3dca252f77c779da020ca0b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2199e68d5a90c6a5093460ec2c58a2db073f422ff1f6811278964fdbe124f763
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E101BFB5240304BFE710EFA5EC4DF577BACEB89B11F404611FA05EB1A2C6709801CB20
APIs
  • Part of subcall function 00A8D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00A8D501
  • Part of subcall function 00A8D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00A8D50F
  • Part of subcall function 00A8D4DC: CloseHandle.KERNELBASE(00000000), ref: 00A8D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00AAA16D
• GetLastError.KERNEL32 ref: 00AAA180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00AAA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00AAA268
• GetLastError.KERNEL32(00000000), ref: 00AAA273
• CloseHandle.KERNEL32(00000000), ref: 00AAA2C4
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: 9596a09f9ee42ce520d4e6ca07e41961d4ae712225098d38ffbbfc9e5d4a7c2a
• Instruction ID: 45839bd7a27452993f58b4b3baefc91bfe0860d3a7e0daa12777c3e6ee9af520
• Opcode Fuzzy Hash: 9596a09f9ee42ce520d4e6ca07e41961d4ae712225098d38ffbbfc9e5d4a7c2a
• Instruction Fuzzy Hash: C7618D30204242AFD724DF18D594F5ABBE1AF55318F14859CE4668FBA3C772EC4ACB92
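The record above (Toolhelp32 process snapshot, OpenProcess with access mask 00000001, TerminateProcess, and the string SeDebugPrivilege) is the kind of API chain worth flagging automatically when triaging many such records. The Python below is an added example, not code from the Joe Sandbox report or from the analysed sample: it parses the report's own "APIs" and "String ID" lines (SAMPLE_RECORD is this record copied from the page with the layout indentation removed), decodes the OpenProcess access mask using the standard winnt.h PROCESS_* values, and applies a hypothetical triage rule for the snapshot, open, terminate chain. The names SAMPLE_RECORD, PROCESS_ACCESS, parse_record, decode_process_access and classify are this example's own.

```python
"""Flag a process-termination API chain in a Joe Sandbox function record.

Added example; not code from the Joe Sandbox report or the analysed sample.
SAMPLE_RECORD is the record's API/String ID lines as printed in the report,
indentation removed. PROCESS_ACCESS holds standard winnt.h process rights;
the chain rule in classify() is this script's own (hypothetical) heuristic.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_RECORD = """\
APIs
  • Part of subcall function 00A8D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00A8D501
  • Part of subcall function 00A8D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00A8D50F
  • Part of subcall function 00A8D4DC: CloseHandle.KERNELBASE(00000000), ref: 00A8D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00AAA16D
• GetLastError.KERNEL32 ref: 00AAA180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00AAA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00AAA268
• GetLastError.KERNEL32(00000000), ref: 00AAA273
• CloseHandle.KERNEL32(00000000), ref: 00AAA2C4
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
"""

# One "• Name.MODULE(args), ref: addr" line; args and the subcall prefix are optional.
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
STRING_ID = re.compile(r"•\s*String ID:\s*(?P<ids>.*)")

PROCESS_ACCESS = {  # winnt.h PROCESS_* rights, low bits only
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS", 0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}

@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]      # None where the report prints '?'
    ref: int                       # call-site address
    subcall: Optional[str] = None  # callee address for nested lines

@dataclass
class Record:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)

def _parse_arg(tok: str) -> Optional[int]:
    try:
        return int(tok.strip(), 16)
    except ValueError:  # '?' or empty: value unknown to the analyser
        return None

def parse_record(text: str) -> Record:
    rec = Record()
    for line in text.splitlines():
        m = API_LINE.search(line)
        if m:
            raw = m.group("args")
            args = [_parse_arg(t) for t in raw.split(",")] if raw else []
            rec.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                    int(m.group("ref"), 16), m.group("sub")))
            continue
        s = STRING_ID.search(line)
        if s:  # the report joins several strings with '$'
            rec.strings.extend(x for x in s.group("ids").strip().split("$") if x)
    return rec

def decode_process_access(mask: int) -> List[str]:
    names = [n for bit, n in PROCESS_ACCESS.items() if mask & bit]
    rest = mask & ~sum(PROCESS_ACCESS)  # bits outside the table, e.g. SYNCHRONIZE
    if rest:
        names.append(f"0x{rest:X}")
    return names

def classify(rec: Record) -> List[str]:
    names = {a.name for a in rec.apis}  # nested subcall lines count too
    findings = []
    enumerates = "CreateToolhelp32Snapshot" in names and bool(
        names & {"Process32First", "Process32FirstW", "Process32Next", "Process32NextW"})
    opens_to_kill = any(a.name == "OpenProcess" and a.args and a.args[0] is not None
                        and a.args[0] & 0x0001 for a in rec.apis)
    if enumerates and opens_to_kill and "TerminateProcess" in names:
        findings.append("process-kill chain: Toolhelp32 snapshot -> "
                        "OpenProcess(PROCESS_TERMINATE) -> TerminateProcess")
    if "SeDebugPrivilege" in rec.strings:
        findings.append("references SeDebugPrivilege: can open processes whose DACL denies it")
    return findings

if __name__ == "__main__":
    record = parse_record(SAMPLE_RECORD)
    for call in record.apis:
        extra = ""
        if call.name == "OpenProcess" and call.args and call.args[0] is not None:
            extra = "  " + "|".join(decode_process_access(call.args[0]))
        print(f"{call.ref:08X} {call.name}{extra}")
    for finding in classify(record):
        print("FINDING:", finding)
```

Access mask 00000001 decodes to PROCESS_TERMINATE, the only right TerminateProcess needs. With SeDebugPrivilege enabled in its token a caller can open processes whose DACL would otherwise refuse that right, which is why the string appearing in the same record as this chain matters more than either alone. The rule deliberately looks at the whole record, including the lines attributed to subcall 00A8D4DC, since the snapshot and the terminate sit in different functions here.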
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00AB3925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00AB393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00AB3954
• _wcslen.LIBCMT ref: 00AB3999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 00AB39C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 00AB39F4
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 64d2e332c7c8a92473cbc3f8825953e24fb5c95afe7b58c901c30fcd86c0f10f
• Instruction ID: f6909d172b2a839961b09768f73fa173d59bd7fd06b4ea31cc3965709e5c0fa6
• Opcode Fuzzy Hash: 64d2e332c7c8a92473cbc3f8825953e24fb5c95afe7b58c901c30fcd86c0f10f
• Instruction Fuzzy Hash: B441A472A00218ABEF21DFA4CC45FEA7BADFF48354F100526F554E7292D7B59990CB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A8BCFD
• IsMenu.USER32(00000000), ref: 00A8BD1D
• CreatePopupMenu.USER32 ref: 00A8BD53
• GetMenuItemCount.USER32(010A52D8), ref: 00A8BDA4
• InsertMenuItemW.USER32(010A52D8,?,00000001,00000030), ref: 00A8BDCC
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 5644c542a644f73f45690bce5e9fbe2841d6ae6fe45dde0f81537f03b5ef6a18
• Instruction ID: f8ae8a91f00907c39d115d60aa0fc1d917a564d86b9f1b1ceb574ad73edb868e
• Opcode Fuzzy Hash: 5644c542a644f73f45690bce5e9fbe2841d6ae6fe45dde0f81537f03b5ef6a18
• Instruction Fuzzy Hash: 9851C070A10205EBDF20EFA8D984BAEBBF4FF45324F144219E851E72A1D770A945CB71
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00A8C913
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 8ed475f06937e93cc36f44b23be69e29c7c773db05362ee5448d546750371437
• Instruction ID: e0002be7d6ff8c1811fa0818d7182b4734fb8b333c1620ad4dfaf3d6b5a81852
• Opcode Fuzzy Hash: 8ed475f06937e93cc36f44b23be69e29c7c773db05362ee5448d546750371437
• Instruction Fuzzy Hash: 80113D36689706BAE700BB649C83DAA37ACEF153B4B20047BF500A6382E7745E405B75
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                          • String ID: 0.0.0.0
                                                                                                                                                                                                                          • API String ID: 642191829-3771769585
                                                                                                                                                                                                                          • Opcode ID: 30dbf86720a10d3fadc4be7ddcfa71204f56e73d7253cda12ccdc52b972f3b56
                                                                                                                                                                                                                          • Instruction ID: cecc8127db71500a9226bb1a5ea2327ea8475279b289e9e87fec52b505fe6540
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30dbf86720a10d3fadc4be7ddcfa71204f56e73d7253cda12ccdc52b972f3b56
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A11E671904114BFCB20BBA4DD4AEEE77BCDF55721F0002A9F545EA0E2EF719A819B60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000F), ref: 00AB9FC7
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000F), ref: 00AB9FE7
                                                                                                                                                                                                                          • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00ABA224
                                                                                                                                                                                                                          • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00ABA242
                                                                                                                                                                                                                          • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00ABA263
                                                                                                                                                                                                                          • ShowWindow.USER32(00000003,00000000), ref: 00ABA282
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00ABA2A7
                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,00000005,?,?), ref: 00ABA2CA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1211466189-0
                                                                                                                                                                                                                          • Opcode ID: 7f2d6649a1d139a751f775c3deaff2c55b7186fc150a01bbbec294ca831667fe
                                                                                                                                                                                                                          • Instruction ID: 78e7b62303534d3604d9b2bdc34c66d801496f75a5b49a4e47b4c2afd9df6884
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7f2d6649a1d139a751f775c3deaff2c55b7186fc150a01bbbec294ca831667fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5EB1BC31600215DFDF14CF68C985BEE7BB6FF54711F088169EC499B2A6D731A940CB51
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 952045576-0
                                                                                                                                                                                                                          • Opcode ID: d48067c32b79769bb7bdf609880b27e09def23f4f080b250871304cb98d19f2d
                                                                                                                                                                                                                          • Instruction ID: 50ef39882fc814192a70ad27c06a52cf10364d5b5221a0e854d9d1dac150eed4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d48067c32b79769bb7bdf609880b27e09def23f4f080b250871304cb98d19f2d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F418369C10218B5DB11FBF4898AACFB7ACAF85710F508562E514F3122FB74E255C3A6
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A7682C,00000004,00000000,00000000), ref: 00A3F953
                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00A7682C,00000004,00000000,00000000), ref: 00A7F3D1
                                                                                                                                                                                                                          • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00A7682C,00000004,00000000,00000000), ref: 00A7F454
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ShowWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1268545403-0
                                                                                                                                                                                                                          • Opcode ID: 141b01db008a2e697ff3b6fe6a0d2b41ce3262656bec228f76e6e3248316800d
                                                                                                                                                                                                                          • Instruction ID: 0a2d5fef0c4dd37f250f84c4649aead2c8da4c72235fe1e700a81f32ee5294ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 141b01db008a2e697ff3b6fe6a0d2b41ce3262656bec228f76e6e3248316800d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93412A31A28640BFC778CB7C8D88B7A7BA1AB56320F14C13CF05B56661D672A981C751
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00AB2D1B
                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00AB2D23
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00AB2D2E
                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00AB2D3A
                                                                                                                                                                                                                          • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00AB2D76
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00AB2D87
                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00AB5A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00AB2DC2
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00AB2DE1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3864802216-0
                                                                                                                                                                                                                          • Opcode ID: fffca54f3e6e8a3ef38b3c312abc27214fd9f05d0efac22b0c4cf2f3a5257a98
                                                                                                                                                                                                                          • Instruction ID: cbfbd31388e7f8650d1ed541a3f822154d0cf822d0a991d0e607fb84883659b3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fffca54f3e6e8a3ef38b3c312abc27214fd9f05d0efac22b0c4cf2f3a5257a98
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27317F72201214BFEB118F54CC89FEB3BADEF49725F044155FE089A2A2C6799C51C7B4
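The function records above are only useful to an analyst once they are machine-readable: the per-call lines (API name, module, argument snapshot, call-site address) tell you what a function does, and the values under "Similarity" (API ID, Opcode ID, Instruction Fuzzy Hash) are the keys for finding the same function again in other reports. The following parser is an added example written for this page; it is not Joe Sandbox's or the IDA plugin's own code. It assumes the plain-text layout exactly as it appears here (one record per "APIs" header, "•"-bulleted key/value lines, "Download File" link residue glued to the "Associated" dump names) and uses a sample built from the gethostbyname and window-setup records above. Treating the Opcode ID as an exact-match key and the Instruction Fuzzy Hash as a near-match key across reports is an assumption about how the analyst would pivot, not something the report states; the page only labels both under "Similarity". The Winsock chain gethostname, gethostbyname, inet_ntoa with the "0.0.0.0" fallback string in the first record is the standard way a program learns its own IPv4 address.

```python
"""Parse Joe Sandbox 'IDA Plugin' function records into pivotable data.

Added example for this page; not code from Joe Sandbox. Assumes the
plain-text layout shown in the report (one record per "APIs" header).
"""
import re
from dataclasses import dataclass, field

# Matches e.g. "GetSystemMetrics.USER32(0000000F), ref: 00AB9FC7", with an
# optional "Part of subcall function <addr>: " prefix for callee prologues.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$"
)
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)        # dicts: name, module, args, ref, sub
    fields: dict = field(default_factory=dict)      # "API ID", "Opcode ID", "String ID", ...
    associated: list = field(default_factory=list)  # associated memory-dump names


def parse_records(text):
    """Split report text into one FunctionRecord per 'APIs' block."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":                 # every function record starts here
            cur = FunctionRecord()
            records.append(cur)
            section = "apis"
            continue
        if cur is None:                    # trailing fragment of an earlier record
            continue
        if line in SECTION_HEADERS:
            section = line
            continue
        if line.startswith("•"):
            line = line[1:].strip()
        line = line.replace("Download File", "").strip()   # drop link residue
        if section == "apis":
            m = API_RE.match(line)
            if m:
                entry = m.groupdict()
                entry["args"] = entry["args"].split(",") if entry["args"] else []
                cur.apis.append(entry)
                continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "Associated":
            cur.associated.append(value)
        else:
            cur.fields[key] = value
    return records


def call_sequence(rec, include_subcalls=False):
    """API names ordered by call-site address. Subcall entries belong to a
    callee's prologue, so they are excluded unless asked for."""
    calls = [a for a in rec.apis if include_subcalls or a["sub"] is None]
    return [a["name"] for a in sorted(calls, key=lambda a: int(a["ref"], 16))]


def find_by_api(records, needle):
    """Records whose API ID or listed calls mention `needle` (case-insensitive)."""
    n = needle.lower()
    return [r for r in records
            if n in r.fields.get("API ID", "").lower()
            or any(n in a["name"].lower() for a in r.apis)]


def similarity_pivots(records):
    """(Opcode ID, Instruction Fuzzy Hash) per record: an exact key and a
    near-match key for hunting the same function in other reports (assumed use)."""
    return [(r.fields["Opcode ID"], r.fields.get("Instruction Fuzzy Hash", ""))
            for r in records if "Opcode ID" in r.fields]


# Constructed sample: two records copied from this report, one dump line each.
SAMPLE = """\
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: 30dbf86720a10d3fadc4be7ddcfa71204f56e73d7253cda12ccdc52b972f3b56
• Instruction Fuzzy Hash: 4A11E671904114BFCB20BBA4DD4AEEE77BCDF55721F0002A9F545EA0E2EF719A819B60
APIs
  • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
• GetSystemMetrics.USER32(0000000F), ref: 00AB9FC7
• MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00ABA224
• SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00ABA242
• ShowWindow.USER32(00000003,00000000), ref: 00ABA282
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
Similarity
• API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
• String ID:
• API String ID: 1211466189-0
• Opcode ID: 7f2d6649a1d139a751f775c3deaff2c55b7186fc150a01bbbec294ca831667fe
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.fields.get("API ID"), call_sequence(rec), rec.fields.get("String ID"))
    for hit in find_by_api(parse_records(SAMPLE), "gethostbyname"):
        print("network-capable function, Opcode ID", hit.fields["Opcode ID"])
```

Point the parser at the whole report text rather than the sample to get every function; `find_by_api` is the quick way to pull out the functions that matter for triage (here the one resolving the host's own address), and `similarity_pivots` gives the keys to carry into a search across other reports.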
APIs
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
Strings
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00A617FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00A615CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A61651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00A617FB,?,00A617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A616E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00A617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A616FB
  • Part of subcall function 00A53820: RtlAllocateHeap.NTDLL(00000000,?,00AF1444,?,00A3FDF5,?,?,00A2A976,00000010,00AF1440,00A213FC,?,00A213C6,?,00A21129), ref: 00A53852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00A617FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00A61777
• __freea.LIBCMT ref: 00A617A2
• __freea.LIBCMT ref: 00A617AE
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
APIs
Strings
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00A9125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00A91284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00A912A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A912D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A9135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A913C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00A91430
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3225163088-0
                                                                                                                                                                                                                          • Opcode ID: 025bb2de9ee56b7dc69bfdcfc7b005c387fab4f041ea50f34340ef2d378ecdcc
                                                                                                                                                                                                                          • Instruction ID: 38bc6ea77dbb5dd0a81c688a402d22978707421488eee5613e803554616c4e1c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 025bb2de9ee56b7dc69bfdcfc7b005c387fab4f041ea50f34340ef2d378ecdcc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 98911471D40219AFCB10CFA9CC85AEEBBB8FF49320F148559F515B7251D374AA82CB60
APIs
• VariantInit.OLEAUT32(?), ref: 00AA396B
• CharUpperBuffW.USER32(?,?), ref: 00AA3A7A
• _wcslen.LIBCMT ref: 00AA3A8A
• VariantClear.OLEAUT32(?), ref: 00AA3C1F
  • Part of subcall function 00A90CDF: VariantInit.OLEAUT32(00000000), ref: 00A90D1F
  • Part of subcall function 00A90CDF: VariantCopy.OLEAUT32(?,?), ref: 00A90D28
  • Part of subcall function 00A90CDF: VariantClear.OLEAUT32(?), ref: 00A90D34
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: ad1db127882bc59a80aae7125e66ee74c60d1939af086c1e0b29068dbbc226d8
• Instruction ID: 737898c86ae45787c1ac4db938e3e645248eccfeb8f2c09ce482695faf04402c
• Opcode Fuzzy Hash: ad1db127882bc59a80aae7125e66ee74c60d1939af086c1e0b29068dbbc226d8
• Instruction Fuzzy Hash: 54918C756083059FCB00DF68C58096AB7E5FF89714F14896DF88A9B391DB31EE05CB92
APIs
  • Part of subcall function 00A8000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A7FF41,80070057,?,?,?,00A8035E), ref: 00A8002B
  • Part of subcall function 00A8000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A7FF41,80070057,?,?), ref: 00A80046
  • Part of subcall function 00A8000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A7FF41,80070057,?,?), ref: 00A80054
  • Part of subcall function 00A8000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A7FF41,80070057,?), ref: 00A80064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00AA4C51
• _wcslen.LIBCMT ref: 00AA4D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00AA4DCF
• CoTaskMemFree.OLE32(?), ref: 00AA4DDA
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 448d58fb6dec421b35705769f6ec45dae1e7b6c6545df508ef361734f62a64b2
• Instruction ID: f4bed8876826c81b715ff2f017ea4d06bfb47e5cdb45c94045cf36a5277bda68
• Opcode Fuzzy Hash: 448d58fb6dec421b35705769f6ec45dae1e7b6c6545df508ef361734f62a64b2
• Instruction Fuzzy Hash: 59912771D0022DAFDF24DFA4D880AEEB7B8BF49310F104169F919A7291EB705A45CF60
APIs
• GetMenu.USER32(?), ref: 00AB2183
• GetMenuItemCount.USER32(00000000), ref: 00AB21B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00AB21DD
• _wcslen.LIBCMT ref: 00AB2213
• GetMenuItemID.USER32(?,?), ref: 00AB224D
• GetSubMenu.USER32(?,?), ref: 00AB225B
  • Part of subcall function 00A83A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A83A57
  • Part of subcall function 00A83A3D: GetCurrentThreadId.KERNEL32 ref: 00A83A5E
  • Part of subcall function 00A83A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A825B3), ref: 00A83A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00AB22E3
  • Part of subcall function 00A8E97B: Sleep.KERNEL32 ref: 00A8E9F3
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: f979091d4dfb79588c57ff1e6c1fcb1081709335613eaaacf40e59ce5e4c7ba0
• Instruction ID: 6e7b4b391573d3ef157ee8ed5551ff3e37236108c81ff94301bde5aa9b6ab4f7
• Opcode Fuzzy Hash: f979091d4dfb79588c57ff1e6c1fcb1081709335613eaaacf40e59ce5e4c7ba0
• Instruction Fuzzy Hash: F3715075A00215AFCB14DFA8D945BEEB7F5EF48320F148469E816EB352D734ED428B90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(010A52B0), ref: 00AB7F37
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(010A52B0), ref: 00AB7F43
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00AB801E
                                                                                                                                                                                                                          • SendMessageW.USER32(010A52B0,000000B0,?,?), ref: 00AB8051
                                                                                                                                                                                                                          • IsDlgButtonChecked.USER32(?,?), ref: 00AB8089
                                                                                                                                                                                                                          • GetWindowLongW.USER32(010A52B0,000000EC), ref: 00AB80AB
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00AB80C3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4072528602-0
APIs
• GetParent.USER32(?), ref: 00A8AEF9
• GetKeyboardState.USER32(?), ref: 00A8AF0E
• SetKeyboardState.USER32(?), ref: 00A8AF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00A8AF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00A8AFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00A8AFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00A8B020
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetParent.USER32(00000000), ref: 00A8AD19
• GetKeyboardState.USER32(?), ref: 00A8AD2E
• SetKeyboardState.USER32(?), ref: 00A8AD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00A8ADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00A8ADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00A8AE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00A8AE38
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
APIs
• GetConsoleCP.KERNEL32(00A63CD6,?,?,?,?,?,?,?,?,00A55BA3,?,?,00A63CD6,?,?), ref: 00A55470
• __fassign.LIBCMT ref: 00A554EB
• __fassign.LIBCMT ref: 00A55506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00A63CD6,00000005,00000000,00000000), ref: 00A5552C
• WriteFile.KERNEL32(?,00A63CD6,00000000,00A55BA3,00000000,?,?,?,?,?,?,?,?,?,00A55BA3,?), ref: 00A5554B
• WriteFile.KERNEL32(?,?,00000001,00A55BA3,00000000,?,?,?,?,?,?,?,?,?,00A55BA3,?), ref: 00A55584
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
APIs
• _ValidateLocalCookies.LIBCMT ref: 00A42D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00A42D53
• _ValidateLocalCookies.LIBCMT ref: 00A42DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00A42E0C
• _ValidateLocalCookies.LIBCMT ref: 00A42E61
Strings
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
APIs
  • Part of subcall function 00AA304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00AA307A
  • Part of subcall function 00AA304E: _wcslen.LIBCMT ref: 00AA309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00AA1112
• WSAGetLastError.WSOCK32 ref: 00AA1121
• WSAGetLastError.WSOCK32 ref: 00AA11C9
• closesocket.WSOCK32(00000000), ref: 00AA11F9
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2675159561-0
APIs
  • Part of subcall function 00A8DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A8CF22,?), ref: 00A8DDFD
  • Part of subcall function 00A8DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A8CF22,?), ref: 00A8DE16
• lstrcmpiW.KERNEL32(?,?), ref: 00A8CF45
• MoveFileW.KERNEL32(?,?), ref: 00A8CF7F
• _wcslen.LIBCMT ref: 00A8D005
• _wcslen.LIBCMT ref: 00A8D01B
• SHFileOperationW.SHELL32(?), ref: 00A8D061
Strings
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00AB2E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00AB2E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00AB2E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00AB2EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00AB2EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00AB2EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AB2F0B
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A87769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A8778F
• SysAllocString.OLEAUT32(00000000), ref: 00A87792
• SysAllocString.OLEAUT32(?), ref: 00A877B0
• SysFreeString.OLEAUT32(?), ref: 00A877B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 00A877DE
• SysAllocString.OLEAUT32(?), ref: 00A877EC
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A87842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00A87868
• SysAllocString.OLEAUT32(00000000), ref: 00A8786B
• SysAllocString.OLEAUT32 ref: 00A8788C
• SysFreeString.OLEAUT32 ref: 00A87895
• StringFromGUID2.OLE32(?,?,00000028), ref: 00A878AF
• SysAllocString.OLEAUT32(?), ref: 00A878BD
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(0000000C), ref: 00A904F2
                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A9052E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                          • Opcode ID: 2386c2d7edbd5b3481440d0c1198040d04e873953ef6331c0e369979fb82b811
                                                                                                                                                                                                                          • Instruction ID: 05032019517cb98ec427fde3cfb056eaf01705c3fefd3e3f49d2cb16a110f5ee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2386c2d7edbd5b3481440d0c1198040d04e873953ef6331c0e369979fb82b811
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B216B75600305AFDF209F69DC44E9A7BF8AF547A4F618A29F8A1E72E0D7709941CF20
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 00A905C6
                                                                                                                                                                                                                          • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00A90601
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateHandlePipe
                                                                                                                                                                                                                          • String ID: nul
                                                                                                                                                                                                                          • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                          • Opcode ID: a3200428767a75a0448caf99785704aa2418327c5573778f9026f77875033b03
                                                                                                                                                                                                                          • Instruction ID: 5bd508d01bf3ce6a599ffe87f4abee629653797eebc5e5b1c1b85e5eab01efb5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a3200428767a75a0448caf99785704aa2418327c5573778f9026f77875033b03
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED2183756003059FDF209F699C04E9A7BE8BF957B0F200B19F9A1E72E0D7B09961CB20
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A2600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A2604C
                                                                                                                                                                                                                            • Part of subcall function 00A2600E: GetStockObject.GDI32(00000011), ref: 00A26060
                                                                                                                                                                                                                            • Part of subcall function 00A2600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A2606A
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00AB4112
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00AB411F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00AB412A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00AB4139
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00AB4145
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                          • String ID: Msctls_Progress32
                                                                                                                                                                                                                          • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                          • Opcode ID: 5b3cfd433ebd256566876374f92f05f85d4249c74f00db4d28b22e0551b79e30
                                                                                                                                                                                                                          • Instruction ID: 7c41a65263db014b302c33382aa11a1e2cf5e46e77b10eba7498637ffe9ea9f8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b3cfd433ebd256566876374f92f05f85d4249c74f00db4d28b22e0551b79e30
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CE11B2B2150219BEEF119FA8CC85EE77F6DEF08798F004211BA18A2051C7769C21DBA4
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A5D7A3: _free.LIBCMT ref: 00A5D7CC
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A5D82D
                                                                                                                                                                                                                            • Part of subcall function 00A529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000), ref: 00A529DE
                                                                                                                                                                                                                            • Part of subcall function 00A529C8: GetLastError.KERNEL32(00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000,00000000), ref: 00A529F0
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A5D838
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A5D843
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A5D897
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A5D8A2
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A5D8AD
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A5D8B8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                          • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                          • Instruction ID: 531cb264f2ccdb7efbd7ffb9704f06e266cc61f1b11936350636bd5306e51633
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9115E71540B04EAD631BFB0CE47FCB7BDCBF49702F400825BA99AA993DA75B5098760
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00A8DA74
                                                                                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 00A8DA7B
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00A8DA91
                                                                                                                                                                                                                          • LoadStringW.USER32(00000000), ref: 00A8DA98
                                                                                                                                                                                                                          • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00A8DADC
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • %s (%d) : ==> %s: %s %s, xrefs: 00A8DAB9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                          • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                          • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                          • Opcode ID: 012e1c30b1acb266ce37235d1ebdebb485c2d685ce291e956a4a80faca823ab8
                                                                                                                                                                                                                          • Instruction ID: 6ed93a7bc2289b788cc1cbd74cbf0359850c3e743518b052d0fea8c8864d8c34
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 012e1c30b1acb266ce37235d1ebdebb485c2d685ce291e956a4a80faca823ab8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A0186F29002087FE711EBE49D89EF7776CE708351F400991B706E2092EA749E854F74
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(0109F4F0,0109F4F0), ref: 00A9097B
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(0109F4D0,00000000), ref: 00A9098D
                                                                                                                                                                                                                          • TerminateThread.KERNEL32(?,000001F6), ref: 00A9099B
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00A909A9
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00A909B8
                                                                                                                                                                                                                          • InterlockedExchange.KERNEL32(0109F4F0,000001F6), ref: 00A909C8
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(0109F4D0), ref: 00A909CF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3495660284-0
                                                                                                                                                                                                                          • Opcode ID: 7ef2955413b3864633a4df88b0e6d38c530783d7d3a19eb231c15301189835e6
                                                                                                                                                                                                                          • Instruction ID: 12b750270b98d87b592220f1232a0b60551ac74cdba2e3faef912d5ad33b4c37
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7ef2955413b3864633a4df88b0e6d38c530783d7d3a19eb231c15301189835e6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0F01D31542512ABDB45AF94EE88ED6BA65BF01752F401226F201508B2C7749866CF90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00AA1DC0
                                                                                                                                                                                                                          • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00AA1DE1
                                                                                                                                                                                                                          • WSAGetLastError.WSOCK32 ref: 00AA1DF2
                                                                                                                                                                                                                          • htons.WSOCK32(?,?,?,?,?), ref: 00AA1EDB
                                                                                                                                                                                                                          • inet_ntoa.WSOCK32(?), ref: 00AA1E8C
                                                                                                                                                                                                                            • Part of subcall function 00A839E8: _strlen.LIBCMT ref: 00A839F2
                                                                                                                                                                                                                            • Part of subcall function 00AA3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00A9EC0C), ref: 00AA3240
                                                                                                                                                                                                                          • _strlen.LIBCMT ref: 00AA1F35
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3203458085-0
                                                                                                                                                                                                                          • Opcode ID: 5b58dcc9a1ec50e8e1e3f961c0a19b5e35dd9679e1da805e4865014e638761e5
                                                                                                                                                                                                                          • Instruction ID: 74cf3d2fc595f6e318373205ed343f3f3f86cfebb476f8cd24e7d2c80cb713bc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b58dcc9a1ec50e8e1e3f961c0a19b5e35dd9679e1da805e4865014e638761e5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9CB10031604340AFC724DF24C895E2A7BE5AF86318F54895DF45A5F2E2DB31ED42CB91
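The two records above are the ones a triager would stop at: a function that tears down a thread with TerminateThread under a critical section, and a socket function whose second import, #17.WSOCK32, the report lists only by ordinal. The Python below is an added example for reading these records, not Joe Sandbox code. It parses the APIs blocks, resolves WSOCK32 ordinals from the documented wsock32.dll export table (ordinal 17 is recvfrom), decodes the argument values worth a note (the 00000010 fromlen is sizeof(sockaddr_in), so this is an IPv4 datagram receive that captures the sender; 000003E8 is a 1000 ms wait), and tags each function with the behaviour its call set implies. The sample input is constructed from the two records on this page; the tag names are the example's own labels, not report signatures.

```python
"""Parse the per-function "APIs" records of a Joe Sandbox function report,
resolve ordinal-only imports such as "#17.WSOCK32", and tag each function
with the behaviour its call set implies. Added example, not Joe Sandbox code."""
import re

# Export ordinals 1..23 of wsock32.dll / ws2_32.dll (the BSD socket entry
# points). An ordinal-only import hides the name from a strings pass.
WSOCK32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 5: "getpeername",
    6: "getsockname", 7: "getsockopt", 8: "htonl", 9: "htons", 10: "inet_addr",
    11: "inet_ntoa", 12: "ioctlsocket", 13: "listen", 14: "ntohl", 15: "ntohs",
    16: "recv", 17: "recvfrom", 18: "select", 19: "send", 20: "sendto",
    21: "setsockopt", 22: "shutdown", 23: "socket",
}

# One bullet of an APIs record, with or without an argument list and with an
# optional "Part of subcall function XXXX:" prefix.
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[^.\s(]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Example's own labels: a record gets a tag when it calls every name in the set.
SIGNATURES = {
    "udp_receive_reporting_peer": {"recvfrom", "inet_ntoa"},
    "select_polled_socket": {"__WSAFDIsSet"},
    "forced_thread_kill": {"TerminateThread", "WaitForSingleObject", "CloseHandle"},
    "codepage_conversion": {"MultiByteToWideChar", "WideCharToMultiByte"},
}

# Constructed from the two records on this page.
SAMPLE_REPORT = """\
APIs
• InterlockedExchange.KERNEL32(0109F4F0,0109F4F0), ref: 00A9097B
• EnterCriticalSection.KERNEL32(0109F4D0,00000000), ref: 00A9098D
• TerminateThread.KERNEL32(?,000001F6), ref: 00A9099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 00A909A9
• CloseHandle.KERNEL32(?), ref: 00A909B8
• InterlockedExchange.KERNEL32(0109F4F0,000001F6), ref: 00A909C8
• LeaveCriticalSection.KERNEL32(0109F4D0), ref: 00A909CF
Memory Dump Source
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00AA1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00AA1DE1
• WSAGetLastError.WSOCK32 ref: 00AA1DF2
• htons.WSOCK32(?,?,?,?,?), ref: 00AA1EDB
• inet_ntoa.WSOCK32(?), ref: 00AA1E8C
  • Part of subcall function 00A839E8: _strlen.LIBCMT ref: 00A839F2
• _strlen.LIBCMT ref: 00AA1F35
Memory Dump Source
"""


def resolve_import(name, module):
    """Map an ordinal-only WSOCK32 import ("#17") to its export name."""
    if name.startswith("#") and module.upper() == "WSOCK32":
        return WSOCK32_ORDINALS.get(int(name[1:]), name)
    return name


def parse_records(text):
    """One list of calls per APIs block; a block ends at "Memory Dump Source"."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            records.append(current)
        elif line == "Memory Dump Source":
            current = None
        elif current is not None and (m := API_LINE.match(line)):
            args = m["args"].split(",") if m["args"] else []
            current.append({
                "name": resolve_import(m["name"], m["module"]),
                "module": m["module"], "args": args, "ref": m["ref"],
                "subcall": m["sub"],  # None when the call is in the function itself
            })
    return records


def describe_call(call):
    """Decode the argument values that matter for triage, else None."""
    name, args = call["name"], call["args"]
    if name == "recvfrom" and len(args) == 6 and args[5] == "00000010":
        return "recvfrom with fromlen=16 (sizeof sockaddr_in): IPv4 datagram receive capturing the sender"
    if name == "WaitForSingleObject" and len(args) == 2 and args[1] != "?":
        return f"WaitForSingleObject timeout {int(args[1], 16)} ms"
    if name == "TerminateThread" and len(args) == 2 and args[1] != "?":
        return f"TerminateThread exit code 0x{int(args[1], 16):X}"
    return None


def triage(records):
    """Tag each record with matching signatures (direct calls only) and notes."""
    out = []
    for calls in records:
        names = {c["name"] for c in calls if c["subcall"] is None}
        tags = sorted(t for t, need in SIGNATURES.items() if need <= names)
        notes = [n for n in (describe_call(c) for c in calls) if n]
        out.append({"names": sorted(names), "tags": tags, "notes": notes})
    return out


if __name__ == "__main__":
    for i, r in enumerate(triage(parse_records(SAMPLE_REPORT))):
        print(i, r["tags"], r["notes"])
```

Run against the full function list of a report, the same parser turns the ordinal-only imports into names before any signature matching, which is the step that makes a recvfrom-based receive loop visible next to the report's "open a port and listen" verdict.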
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00A25D30
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00A25D71
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00A25D99
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00A25ED7
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00A25EF8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1296646539-0
                                                                                                                                                                                                                          • Opcode ID: 308f5106c6e04dde280039fbf6c4e1c43fb6d908bc2254b73c89b82e4f46c5e9
                                                                                                                                                                                                                          • Instruction ID: 76024120cf894fe0affc10c50531cbfd4938d901c46fe5c8d7ba65cf12ecf250
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 308f5106c6e04dde280039fbf6c4e1c43fb6d908bc2254b73c89b82e4f46c5e9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8B17735A00A4ADBDB14CFB9C4807EEB7F1FF58310F14952AE8AAD7250DB30AA51DB50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 00A500BA
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A500D6
                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 00A500ED
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A5010B
                                                                                                                                                                                                                          • __allrem.LIBCMT ref: 00A50122
                                                                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A50140
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1992179935-0
                                                                                                                                                                                                                          • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction ID: 17a9f7d4f5005fff76af002f280702061d1d778c7f48d2525442117badb6bd84
• Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction Fuzzy Hash: 5B81E476A00B069FE7209F68CD41F6B77F9BF81325F24423AF951D6681E7B0D9088B91
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00A482D9,00A482D9,?,?,?,00A5644F,00000001,00000001,8BE85006), ref: 00A56258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00A5644F,00000001,00000001,8BE85006,?,?,?), ref: 00A562DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00A563D8
• __freea.LIBCMT ref: 00A563E5
  • Part of subcall function 00A53820: RtlAllocateHeap.NTDLL(00000000,?,00AF1444,?,00A3FDF5,?,?,00A2A976,00000010,00AF1440,00A213FC,?,00A213C6,?,00A21129), ref: 00A53852
• __freea.LIBCMT ref: 00A563EE
• __freea.LIBCMT ref: 00A56413
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 4c38adb5544f179a7997206ec78afe7e5a4f563c1cceeea5729d14c0c6c0e133
• Instruction ID: 6f53df03f44e9173fb2e5dbb7763df39c3d92d13ca2de951dc6b50bb9876a557
• Opcode Fuzzy Hash: 4c38adb5544f179a7997206ec78afe7e5a4f563c1cceeea5729d14c0c6c0e133
• Instruction Fuzzy Hash: C151F172A00216ABEF258F64DD81EBF7BA9FB44762F544229FC05DB141EB34DC48C660
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00AAC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AAB6AE,?,?), ref: 00AAC9B5
  • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AAC9F1
  • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AACA68
  • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AACA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AABCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AABD25
• RegCloseKey.ADVAPI32(00000000), ref: 00AABD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00AABD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00AABDF3
• RegCloseKey.ADVAPI32(?), ref: 00AABDFF
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
• Opcode ID: dd1242315b959b032cb2c75311692aec1161d967b60fb796bf0912b61a5f1479
• Instruction ID: a5d1031262fae353f2a7e3fd0eaaf9f1d68a00d5faf9f0aae5896f74eccb8fdd
• Opcode Fuzzy Hash: dd1242315b959b032cb2c75311692aec1161d967b60fb796bf0912b61a5f1479
• Instruction Fuzzy Hash: BF818030218241EFD714DF24C995E2ABBE5FF85318F14896CF4594B2A2DB31ED45CBA2
APIs
• VariantInit.OLEAUT32(00000035), ref: 00A7F7B9
• SysAllocString.OLEAUT32(00000001), ref: 00A7F860
• VariantCopy.OLEAUT32(00A7FA64,00000000), ref: 00A7F889
• VariantClear.OLEAUT32(00A7FA64), ref: 00A7F8AD
• VariantCopy.OLEAUT32(00A7FA64,00000000), ref: 00A7F8B1
• VariantClear.OLEAUT32(?), ref: 00A7F8BB
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: 854f6eb7f589b10b32d1d62f769c7c8c0dc5ff609e29bc1e0d325a19d891a2ac
• Instruction ID: 73a95be5be78a61936a967aa7172dd5ae5e5391c2225b75a257c0d1ac978baab
• Opcode Fuzzy Hash: 854f6eb7f589b10b32d1d62f769c7c8c0dc5ff609e29bc1e0d325a19d891a2ac
• Instruction Fuzzy Hash: 14519431610310BECF24AB65DC95B6AB3A4EF45710F24D467F90AEF296DB708E40C7A6
APIs
  • Part of subcall function 00A27620: _wcslen.LIBCMT ref: 00A27625
  • Part of subcall function 00A26B57: _wcslen.LIBCMT ref: 00A26B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 00A994E5
• _wcslen.LIBCMT ref: 00A99506
• _wcslen.LIBCMT ref: 00A9952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 00A99585
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: a3d9dd811d4bf1d44d387c4ec684c9916a55c801ffae06ba298eed7fa727d424
• Instruction ID: 6c5246cf9d0929d9a250025f2312cf90492b551918f6e64f2da31e9f16009e76
• Opcode Fuzzy Hash: a3d9dd811d4bf1d44d387c4ec684c9916a55c801ffae06ba298eed7fa727d424
• Instruction Fuzzy Hash: 26E1C1316083509FDB24DF28D981A6FB7E4BF85310F04896DF8899B2A2DB31DD05CB92
APIs
  • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
• BeginPaint.USER32(?,?,?), ref: 00A39241
• GetWindowRect.USER32(?,?), ref: 00A392A5
• ScreenToClient.USER32(?,?), ref: 00A392C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00A392D3
• EndPaint.USER32(?,?,?,?,?), ref: 00A39321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00A771EA
  • Part of subcall function 00A39339: BeginPath.GDI32(00000000), ref: 00A39357
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
                                                                                                                                                                                                                          • Opcode ID: df74c25654f14db9f09349d22c1c182f84f1b015f9258d20191009e21ebe058a
                                                                                                                                                                                                                          • Instruction ID: 9ea122b831a5b1436cbda955d3368586cfbb8b31f68289ac691c2780d462ac60
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df74c25654f14db9f09349d22c1c182f84f1b015f9258d20191009e21ebe058a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D41AC71104200AFD711DFA8CCC4FBB7BB8EB55360F044269F9A59B2B2C7B19846DB61
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 00A9080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00A90847
• EnterCriticalSection.KERNEL32(?), ref: 00A90863
• LeaveCriticalSection.KERNEL32(?), ref: 00A908DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00A908F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00A90921
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 38600b2e5008270e61b56ee9f37cb2980ccb51b86e81dddc7cdb55c9d6a04915
• Instruction ID: aa8aa02235b367aa5dbb51907e11a2aadfcea9651ac4b26fd70c3481a62290c4
• Opcode Fuzzy Hash: 38600b2e5008270e61b56ee9f37cb2980ccb51b86e81dddc7cdb55c9d6a04915
• Instruction Fuzzy Hash: 85414B71A00205AFDF14EF94DD85EAAB7B8FF44310F1440A9ED049A297D730DE65DBA0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00A7F3AB,00000000,?,?,00000000,?,00A7682C,00000004,00000000,00000000), ref: 00AB824C
• EnableWindow.USER32(?,00000000), ref: 00AB8272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 00AB82D1
• ShowWindow.USER32(?,00000004), ref: 00AB82E5
• EnableWindow.USER32(?,00000001), ref: 00AB830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00AB832F
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 16ab84ac3d3810c4aa0451ffceb612ef81b8230c9894e61da8d580303f1e4f50
• Instruction ID: 075da3a323060db35e00d2d87618a427d33a585a3dcd50d88f8f690f75de3c67
• Opcode Fuzzy Hash: 16ab84ac3d3810c4aa0451ffceb612ef81b8230c9894e61da8d580303f1e4f50
• Instruction Fuzzy Hash: F7418334601644EFDB11CF99C899FE47BE8BB0A714F1842A9E5184F273CB75A842CB50
APIs
• IsWindowVisible.USER32(?), ref: 00A84C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00A84CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00A84CEA
• _wcslen.LIBCMT ref: 00A84D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00A84D10
• _wcsstr.LIBVCRUNTIME ref: 00A84D1A
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: d6da479c23d73231abfdb9054f2df2048c7704d4db101ab33f34adb7726b4eb1
• Instruction ID: d3e7d4f55c0f6841c6dbe77728bc01073f5b5d4382310c01f0f637e523d84120
• Opcode Fuzzy Hash: d6da479c23d73231abfdb9054f2df2048c7704d4db101ab33f34adb7726b4eb1
• Instruction Fuzzy Hash: A5210B72604201BFEB15AB75DD49E7B7FACDF4D760F108039F805CA1A2EA65DC0197A0
APIs
  • Part of subcall function 00A23AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00A23A97,?,?,00A22E7F,?,?,?,00000000), ref: 00A23AC2
• _wcslen.LIBCMT ref: 00A9587B
• CoInitialize.OLE32(00000000), ref: 00A95995
• CoCreateInstance.OLE32(00ABFCF8,00000000,00000001,00ABFB68,?), ref: 00A959AE
• CoUninitialize.OLE32 ref: 00A959CC
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
• String ID: .lnk
• API String ID: 3172280962-24824748
• Opcode ID: 3c53ca3c1c0123dc0acecaac675385689af676caebd9ade587b94f527ff9c4da
• Instruction ID: 55cfffac8250ea48802570b4fa36705fcc09dc0ab6b1660d01c3d89a79d42306
• Opcode Fuzzy Hash: 3c53ca3c1c0123dc0acecaac675385689af676caebd9ade587b94f527ff9c4da
• Instruction Fuzzy Hash: 3BD16375A047119FCB04DF28C581A2EBBE1FF89710F148869F88A9B361DB31ED05CB92
APIs
  • Part of subcall function 00A80FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A80FCA
  • Part of subcall function 00A80FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A80FD6
  • Part of subcall function 00A80FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A80FE5
  • Part of subcall function 00A80FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A80FEC
  • Part of subcall function 00A80FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A81002
• GetLengthSid.ADVAPI32(?,00000000,00A81335), ref: 00A817AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 00A817BA
• HeapAlloc.KERNEL32(00000000), ref: 00A817C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 00A817DA
• GetProcessHeap.KERNEL32(00000000,00000000,00A81335), ref: 00A817EE
• HeapFree.KERNEL32(00000000), ref: 00A817F5
Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3008561057-0
                                                                                                                                                                                                                          • Opcode ID: ffe6547a0a12f9c69031b83e9f8add6e3348d0f2ccdecec109d8f0267851acb7
                                                                                                                                                                                                                          • Instruction ID: 2b421d043eed9a6bef9018c81ab736bec200fdea11239fc82445260868ec5933
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ffe6547a0a12f9c69031b83e9f8add6e3348d0f2ccdecec109d8f0267851acb7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 22116A72500205EFDB10EFA8DC49FAE7BBDEB45765F104219F481A7222D735A946CF60
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00A814FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00A81506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00A81515
• CloseHandle.KERNEL32(00000004), ref: 00A81520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A8154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00A81563
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: 431d1284cf0db7c6cc6b51b6065fec2d936116515060263cafb6ca51d63abd9a
• Instruction ID: da15e7ecabae2b00f2f268ffc53aa63f3040b95c966b640a621b695ad01da53d
• Opcode Fuzzy Hash: 431d1284cf0db7c6cc6b51b6065fec2d936116515060263cafb6ca51d63abd9a
• Instruction Fuzzy Hash: 2E1159B2504209ABDF11EFD8DD49FDE7BADEF48714F044124FA05A2060C3758E62DB60
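The function above is the canonical Win32 sequence for starting a process under another account's credentials: OpenProcessToken on the current process, CreateEnvironmentBlock to build the environment for the target user, CreateProcessWithLogonW (which takes a user name and password) to spawn the process, and DestroyEnvironmentBlock to clean up. When triaging many such entries it helps to parse the report's API lines mechanically and flag known chains. The following is an added example written for this page, not Joe Sandbox code and not part of the sample: it parses API lines in the format shown in this report, flags two chains (the chain above and the GetTokenInformation/GetLengthSid/CopySid chain from the preceding entry), and checks call order by call-site address. The chain labels are this example's own, not the report's signature names, and the order check assumes the function body is straight-line code, which the report does not guarantee.

```python
import re

# One "APIs" line of a Joe Sandbox function entry, for example
#   • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00A81515
#   • _free.LIBCMT ref: 00A52DAB                      (no argument list)
#   • Part of subcall function 00A80FB4: CopySid.ADVAPI32(...), ref: 00A817DA
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# API sets that, together in one function, indicate behaviour worth triaging.
# Names are module-qualified so a same-named local symbol is not mistaken for
# the Win32 import. The labels are this example's own, not the report's.
CHAINS = {
    "launch process as a different user": {
        "OpenProcessToken.ADVAPI32",
        "CreateEnvironmentBlock.USERENV",
        "CreateProcessWithLogonW.ADVAPI32",
    },
    "copy the caller's token SID": {
        "GetTokenInformation.ADVAPI32",
        "GetLengthSid.ADVAPI32",
        "CopySid.ADVAPI32",
    },
}


def parse_api_trace(text):
    """Extract the API calls of one function entry; other lines are ignored."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        calls.append({
            "api": f"{m['name']}.{m['module']}",
            "args": [a for a in (m["args"] or "").split(",") if a],
            "ref": int(m["ref"], 16),   # address of the call site
            "subcall": m["sub"],        # parent function if reported via a callee
        })
    return calls


def match_chains(calls, include_subcalls=True):
    """Labels of every chain whose APIs all occur in the trace."""
    seen = {c["api"] for c in calls if include_subcalls or c["subcall"] is None}
    return sorted(label for label, apis in CHAINS.items() if apis <= seen)


def chain_in_order(calls, ordered_apis):
    """True if each API occurs and its first call site lies after the previous one's.
    Assumption of this example: the function body is straight-line, so call-site
    addresses reflect execution order. The report does not guarantee that."""
    last = -1
    for api in ordered_apis:
        refs = [c["ref"] for c in calls if c["api"] == api]
        if not refs or min(refs) <= last:
            return False
        last = min(refs)
    return True


# Constructed input: the API lines of the entry above, copied from the report.
RUNAS_TRACE = """\
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00A814FF
• OpenProcessToken.ADVAPI32(00000000), ref: 00A81506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00A81515
• CloseHandle.KERNEL32(00000004), ref: 00A81520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A8154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00A81563
Memory Dump Source
"""

RUNAS_ORDER = [
    "OpenProcessToken.ADVAPI32",
    "CreateEnvironmentBlock.USERENV",
    "CreateProcessWithLogonW.ADVAPI32",
    "DestroyEnvironmentBlock.USERENV",
]

if __name__ == "__main__":
    calls = parse_api_trace(RUNAS_TRACE)
    print(match_chains(calls))                 # ['launch process as a different user']
    print(chain_in_order(calls, RUNAS_ORDER))  # True
```

Calls reported as "Part of subcall function" come from a callee, so match_chains accepts them by default and can be told to ignore them; the SID-copy chain in the previous entry only fires with subcalls included, because GetTokenInformation sits in the callee 00A80FB4. Argument values are kept as the raw strings from the report, since the "?" placeholders mean the sandbox could not resolve them.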
APIs
• GetLastError.KERNEL32(?,?,00A43379,00A42FE5), ref: 00A43390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A4339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A433B7
• SetLastError.KERNEL32(00000000,?,00A43379,00A42FE5), ref: 00A43409
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: f2f5cf41f46e76862cd5908e368d071206db8bed0c87a4298e28fae5c473a9dc
• Instruction ID: e9cf53ccef41637f665cb6370257af4f1b2787656059e2e523ff53d2440fbd36
• Opcode Fuzzy Hash: f2f5cf41f46e76862cd5908e368d071206db8bed0c87a4298e28fae5c473a9dc
• Instruction Fuzzy Hash: EE01F03B609312BFEE1967F87DC59575A94EB857767200329F4208D1F2FF115E035644
APIs
• GetLastError.KERNEL32(?,?,00A55686,00A63CD6,?,00000000,?,00A55B6A,?,?,?,?,?,00A4E6D1,?,00AE8A48), ref: 00A52D78
• _free.LIBCMT ref: 00A52DAB
• _free.LIBCMT ref: 00A52DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,00A4E6D1,?,00AE8A48,00000010,00A24F4A,?,?,00000000,00A63CD6), ref: 00A52DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,00A4E6D1,?,00AE8A48,00000010,00A24F4A,?,?,00000000,00A63CD6), ref: 00A52DEC
• _abort.LIBCMT ref: 00A52DF2
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 5d93dfb4a33661c43a130ef6e8e3ec8311846e88f56fd50e34d93f099b169405
• Instruction ID: ed775708aca136166d64593f7cee931b3aea8399e03d827681e5c4d2bf93a027
• Opcode Fuzzy Hash: 5d93dfb4a33661c43a130ef6e8e3ec8311846e88f56fd50e34d93f099b169405
• Instruction Fuzzy Hash: 69F0A433544A0067D61267B4AD06F5E2679BBC37B3F254519FC24A61A3EF34880E4360
APIs
  • Part of subcall function 00A39639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A39693
  • Part of subcall function 00A39639: SelectObject.GDI32(?,00000000), ref: 00A396A2
  • Part of subcall function 00A39639: BeginPath.GDI32(?), ref: 00A396B9
  • Part of subcall function 00A39639: SelectObject.GDI32(?,00000000), ref: 00A396E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00AB8A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00AB8A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00AB8A70
• LineTo.GDI32(?,00000000,00000003), ref: 00AB8A80
• EndPath.GDI32(?), ref: 00AB8A90
• StrokePath.GDI32(?), ref: 00AB8AA0
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: ed4d5e480582d7ed30692c24706992edcd99fc343e78512236c4a84077c0ba12
                                                                                                                                                                                                                          • Instruction ID: 9ba14c1cfc8d7f297ad1efda72958534f4c29d845bd6109ef11b2f830c010a13
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed4d5e480582d7ed30692c24706992edcd99fc343e78512236c4a84077c0ba12
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DD11FA76400149FFDB119FD4EC88EAA7F6CEB04360F008111FA1595171C7719D56DBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00A85218
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00A85229
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A85230
                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00A85238
                                                                                                                                                                                                                          • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00A8524F
                                                                                                                                                                                                                          • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00A85261
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CapsDevice$Release
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1035833867-0
                                                                                                                                                                                                                          • Opcode ID: f1af3f7963200998c57e214f5265f78dd0d9f7a92f22ab6c2e7910628b278bc0
                                                                                                                                                                                                                          • Instruction ID: 0819c590bb9fbd16b3ef57e279bc3e9efbd4dc07efd521500be28755919429ff
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f1af3f7963200998c57e214f5265f78dd0d9f7a92f22ab6c2e7910628b278bc0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F014F75E00718BBEB10ABF99C49E5EBFB8FF48761F044165FA04A7291DA709901CBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00A21BF4
                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000010,00000000), ref: 00A21BFC
                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00A21C07
                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00A21C12
                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000011,00000000), ref: 00A21C1A
                                                                                                                                                                                                                          • MapVirtualKeyW.USER32(00000012,00000000), ref: 00A21C22
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Virtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4278518827-0
                                                                                                                                                                                                                          • Opcode ID: ae9ac1d2fa98792ef93af957c830641d326a0ce769a93b5da1873435c73a08cb
                                                                                                                                                                                                                          • Instruction ID: 94013edbdfc65a2323be1170879abbebbcc938111195e63bbd5f5d4dcbab055c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae9ac1d2fa98792ef93af957c830641d326a0ce769a93b5da1873435c73a08cb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C0167B0902B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00A8EB30
                                                                                                                                                                                                                          • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00A8EB46
                                                                                                                                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 00A8EB55
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A8EB64
                                                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A8EB6E
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00A8EB75
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 839392675-0
                                                                                                                                                                                                                          • Opcode ID: 64c02621aa7c944c38dd062c157566ad7a4d956b632d4ec6a645e2209fef5575
                                                                                                                                                                                                                          • Instruction ID: 0511d1b151047116414bd45dbbf00ba2513438f2a455982db0ed2b8531d9f4ee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 64c02621aa7c944c38dd062c157566ad7a4d956b632d4ec6a645e2209fef5575
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62F05B72140154BBD72197929C0DEEF7F7CEFCAB21F004259F501E50A2E7A45A02C6B5
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32(?), ref: 00A77452
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001328,00000000,?), ref: 00A77469
                                                                                                                                                                                                                          • GetWindowDC.USER32(?), ref: 00A77475
                                                                                                                                                                                                                          • GetPixel.GDI32(00000000,?,?), ref: 00A77484
                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 00A77496
                                                                                                                                                                                                                          • GetSysColor.USER32(00000005), ref: 00A774B0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 272304278-0
                                                                                                                                                                                                                          • Opcode ID: eb824fe57f68f502fde75409fff0ae6d11b86281785977015e6fa94ced585e01
                                                                                                                                                                                                                          • Instruction ID: 71809d736bc4646cbd41f79b223787b4278e6e3806922c864804f63b7d20bc6e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb824fe57f68f502fde75409fff0ae6d11b86281785977015e6fa94ced585e01
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8014B31400215EFDB519FA4DC08FAE7BB5FB04321F518264F91AA21B2CB311E52EB50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A8187F
                                                                                                                                                                                                                          • UnloadUserProfile.USERENV(?,?), ref: 00A8188B
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00A81894
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00A8189C
                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000000,?), ref: 00A818A5
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000), ref: 00A818AC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 146765662-0
                                                                                                                                                                                                                          • Opcode ID: efd09564eca3db7f3468e48f35c1225b1a5d41a0c4f562e2a26844679d1f95e1
                                                                                                                                                                                                                          • Instruction ID: 098c63bdbadd3f98cc3de0a45c3bc03987e9e3b56a39f61e2ed177f37e02fa38
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: efd09564eca3db7f3468e48f35c1225b1a5d41a0c4f562e2a26844679d1f95e1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CE0C276004101BBDA019FE5ED0CD0ABB69FB49B32B508321F22595072CB329462DB60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A27620: _wcslen.LIBCMT ref: 00A27625
                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A8C6EE
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A8C735
                                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A8C79C
                                                                                                                                                                                                                          • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00A8C7CA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                          • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                          • Opcode ID: 0bc1f4f4d4822b11b55ad0c3f66e078721e52dcd1a08c855bdd6bb46a0cc44db
                                                                                                                                                                                                                          • Instruction ID: 0f58012e0ff343a496428e781fdb4389c114b2f15ebb0992d03d260c7ff9222e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0bc1f4f4d4822b11b55ad0c3f66e078721e52dcd1a08c855bdd6bb46a0cc44db
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4651BF716143019BD714EF68C985B6BB7E8AF89324F040A39F995D31A1EB70DD04CF62
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ShellExecuteExW.SHELL32(0000003C), ref: 00AAAEA3
                                                                                                                                                                                                                            • Part of subcall function 00A27620: _wcslen.LIBCMT ref: 00A27625
                                                                                                                                                                                                                          • GetProcessId.KERNEL32(00000000), ref: 00AAAF38
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00AAAF67
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                          • String ID: <$@
                                                                                                                                                                                                                          • API String ID: 146682121-1426351568
                                                                                                                                                                                                                          • Opcode ID: 08a236f75702e5ae8d115ccec701736092c7409f6ba7d0730804cd327da53dbc
                                                                                                                                                                                                                          • Instruction ID: 22ecf0d8980e95f27fee73be38b2044b65f86f17a83cab5921b600eef4c8e042
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08a236f75702e5ae8d115ccec701736092c7409f6ba7d0730804cd327da53dbc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6718D71A00625DFCB14DF58D584A9EBBF0FF09310F0484A9E85AAB3A2C774EE45CB91
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00A87206
                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00A8723C
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00A8724D
                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00A872CF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                          • String ID: DllGetClassObject
                                                                                                                                                                                                                          • API String ID: 753597075-1075368562
                                                                                                                                                                                                                          • Opcode ID: 509d8c3089a8338f69f02277a40f60c0a3800a4a49386dbf8292d0bd23ac7a57
                                                                                                                                                                                                                          • Instruction ID: f07fae74a765d54df6f00f5cb0f2670e407d3285aee9778c8faec1a81191918d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 509d8c3089a8338f69f02277a40f60c0a3800a4a49386dbf8292d0bd23ac7a57
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0417E71A04204EFDB15DF94C884ADE7FB9EF44310F2481A9BD099F21AE7B1D945CBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00AB3E35
                                                                                                                                                                                                                          • IsMenu.USER32(?), ref: 00AB3E4A
                                                                                                                                                                                                                          • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00AB3E92
                                                                                                                                                                                                                          • DrawMenuBar.USER32 ref: 00AB3EA5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                          • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                          • Opcode ID: 408056d30a02827a0955c809634483805e83e57efcf28667317746a456f845c1
                                                                                                                                                                                                                          • Instruction ID: e4f2a1b418cedb0631f44e05b5ce117fdfc89aaa686e44557edd0787bc46d4a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 408056d30a02827a0955c809634483805e83e57efcf28667317746a456f845c1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6410676A01249EFDF10DF94D884AEABBF9FF49354F04412AE905AB252D730EE45CB60
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00A83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A83CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00A81E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00A81E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00A81EA9
  • Part of subcall function 00A26B57: _wcslen.LIBCMT ref: 00A26B6A
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: 50a2d5d2f54905fa11ee5ef5cd50df86d995d8c154508edd5902b3c2215d30cc
• Instruction ID: 1ad6228d9124028ddddace89b5c39cee4b38685983d4692b21817f7b3c96f830
• Opcode Fuzzy Hash: 50a2d5d2f54905fa11ee5ef5cd50df86d995d8c154508edd5902b3c2215d30cc
• Instruction Fuzzy Hash: 5C212371A00104BEDB14ABA8ED55CFFBBBDEF45760F144529F821A31E1DB38490A8720
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00AB2F8D
• LoadLibraryW.KERNEL32(?), ref: 00AB2F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00AB2FA9
• DestroyWindow.USER32(?), ref: 00AB2FB1
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
• Opcode ID: 30f7d6b2ed427ecc983ae3390f7d38b9869ed0c2a4a2e0457101be4716dfbfe9
• Instruction ID: aabf54ff3e374682b7e32897e7f19f5ace8fa0512a28a66b42e46ee87bf41a4a
• Opcode Fuzzy Hash: 30f7d6b2ed427ecc983ae3390f7d38b9869ed0c2a4a2e0457101be4716dfbfe9
• Instruction Fuzzy Hash: 9F215871204205ABEB108FB49C84FFB77BDEB59364F10462AF950961A2D671DC619760
APIs
• GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00A44D1E,00A528E9,?,00A44CBE,00A528E9,00AE88B8,0000000C,00A44E15,00A528E9,00000002), ref: 00A44D8D
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A44DA0
• FreeLibrary.KERNEL32(00000000,?,?,?,00A44D1E,00A528E9,?,00A44CBE,00A528E9,00AE88B8,0000000C,00A44E15,00A528E9,00000002,00000000), ref: 00A44DC3
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: 0cb53cd0eb3cc6dd41d9c1208bb9271fe2a13d8a909af72c84e73a1e863dcf18
• Instruction ID: 3553f487addc7749d0f3a1a2912d320a1c898383b495d14c8f38f4ee26fdc24d
• Opcode Fuzzy Hash: 0cb53cd0eb3cc6dd41d9c1208bb9271fe2a13d8a909af72c84e73a1e863dcf18
• Instruction Fuzzy Hash: 4AF04F35A40208FBDB159FD4DC49FAEBBB9EF48762F0002A8F909A6261CB745941DB90
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A24EDD,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00A24EAE
• FreeLibrary.KERNEL32(00000000,?,?,00A24EDD,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24EC0
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
• Opcode ID: 1d14c7363cfd46381b2640e824083253a6ff9b6ee0c63efefd9386933e5fcdcd
• Instruction ID: 06c4527b8bbeaa72c7c1216a158388488454dbe6424085e155f8d0284258406e
• Opcode Fuzzy Hash: 1d14c7363cfd46381b2640e824083253a6ff9b6ee0c63efefd9386933e5fcdcd
• Instruction Fuzzy Hash: 5DE08636A056326BE231576DBC18E9F6558BF85F72B060725FC00E2212DBA4CD0340B0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00A63CDE,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00A24E74
• FreeLibrary.KERNEL32(00000000,?,?,00A63CDE,?,00AF1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00A24E87
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: 8fb7eb18485dd56187a4b8bef15f0ebce914bd7a559a6702e8211c97118c9a48
• Instruction ID: 8cc0f4b7436539f47d2526146da270f255a06e5df8774fbe9fdcbae0a4dea693
• Opcode Fuzzy Hash: 8fb7eb18485dd56187a4b8bef15f0ebce914bd7a559a6702e8211c97118c9a48
• Instruction Fuzzy Hash: F9D0EC3650263267AA225B6D7C18DCF6A18AF89B613060B25F905A6136CB64CD0285A0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A92C05
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?), ref: 00A92C87
                                                                                                                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00A92C9D
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A92CAE
                                                                                                                                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00A92CC0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$Delete$Copy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3226157194-0
                                                                                                                                                                                                                          • Opcode ID: 37d0959105a5c458c1076236d848cc4b9f52e961a1bcd38a56b19d503b9a16d1
                                                                                                                                                                                                                          • Instruction ID: 0346662d3ed7a2faa020fa1acb8cb66368c486603321fed95875447687afdc70
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 37d0959105a5c458c1076236d848cc4b9f52e961a1bcd38a56b19d503b9a16d1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86B11D72E00129ABDF25EBA4CD85EDEBBBDEF49350F1040A6F509E7151EA309E448F61
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00AAA427
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00AAA435
                                                                                                                                                                                                                          • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00AAA468
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00AAA63D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3488606520-0
                                                                                                                                                                                                                          • Opcode ID: 71f68dbab6df07577d425fc4d9092777057e1a48455eaa8d0b889eab605d3d2b
                                                                                                                                                                                                                          • Instruction ID: ad16c8c78d3c20f1045c9adacf545b204fc10c6f4358b012339496828b6d7a9b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 71f68dbab6df07577d425fc4d9092777057e1a48455eaa8d0b889eab605d3d2b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89A1C1716043019FD720DF28D986F2AB7E1AF98714F14882DF55A9B2D2D7B0ED41CB92
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00AC3700), ref: 00A5BB91
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00AF121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00A5BC09
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00AF1270,000000FF,?,0000003F,00000000,?), ref: 00A5BC36
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A5BB7F
                                                                                                                                                                                                                            • Part of subcall function 00A529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000), ref: 00A529DE
                                                                                                                                                                                                                            • Part of subcall function 00A529C8: GetLastError.KERNEL32(00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000,00000000), ref: 00A529F0
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A5BD4B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1286116820-0
                                                                                                                                                                                                                          • Opcode ID: 653dbf540a1b0aca70843a54d52e1e8a0aa7263bdfbb7d1a4c71d6a83835ac5d
                                                                                                                                                                                                                          • Instruction ID: 1da4a7ebdf4b6f5fdbe48d1a53433f9aa463e44d3621583f6d2617f9d5a5c589
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 653dbf540a1b0aca70843a54d52e1e8a0aa7263bdfbb7d1a4c71d6a83835ac5d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2051F771910209EFCB10DFE59D819BAB7B8FF45363B10026AE950E71A1EB709D49CB60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A8DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00A8CF22,?), ref: 00A8DDFD
                                                                                                                                                                                                                            • Part of subcall function 00A8DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00A8CF22,?), ref: 00A8DE16
                                                                                                                                                                                                                            • Part of subcall function 00A8E199: GetFileAttributesW.KERNEL32(?,00A8CF95), ref: 00A8E19A
                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,?), ref: 00A8E473
                                                                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 00A8E4AC
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A8E5EB
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A8E603
                                                                                                                                                                                                                          • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00A8E650
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3183298772-0
                                                                                                                                                                                                                          • Opcode ID: 1cf78135011844af36d23a5779fb70f39105a7f81fac320949bd57b9e62ac9cf
                                                                                                                                                                                                                          • Instruction ID: 763b61ce46ce3328e6e6e5798aa130c3993e601d88cf777bcb8418234127effd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1cf78135011844af36d23a5779fb70f39105a7f81fac320949bd57b9e62ac9cf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E5153B24083459BC724EBA4DD819DFB3ECAFD4350F00492EF689D3191EF75A6888766
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
                                                                                                                                                                                                                            • Part of subcall function 00AAC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00AAB6AE,?,?), ref: 00AAC9B5
                                                                                                                                                                                                                            • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AAC9F1
                                                                                                                                                                                                                            • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AACA68
                                                                                                                                                                                                                            • Part of subcall function 00AAC998: _wcslen.LIBCMT ref: 00AACA9E
                                                                                                                                                                                                                          • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00AABAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00AABB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00AABB63
• RegCloseKey.ADVAPI32(?,?), ref: 00AABBA6
• RegCloseKey.ADVAPI32(00000000), ref: 00AABBB3
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: 65d2fc0e0d62b115eed6923605b36f10864a2c3a28bec5faeac4a1260c53c502
• Instruction ID: bc45c842b670b7eda9f2f346cd8c1af470088f54da60106d6b8c0ddd006d911e
• Opcode Fuzzy Hash: 65d2fc0e0d62b115eed6923605b36f10864a2c3a28bec5faeac4a1260c53c502
• Instruction Fuzzy Hash: DC61A131218241EFD314DF54C490E2ABBE5FF85358F14856CF4998B2A2DB31ED45CBA2
APIs
• VariantInit.OLEAUT32(?), ref: 00A88BCD
• VariantClear.OLEAUT32 ref: 00A88C3E
• VariantClear.OLEAUT32 ref: 00A88C9D
• VariantClear.OLEAUT32(?), ref: 00A88D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00A88D3B
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 246a5c76ce1967c7f8ed694851bf7142be689ab18f397778a9e380cc951d9803
• Instruction ID: 5176d09bd21caa1136d84ba9e8c9d7006984e42ec999741c88f0fa5d331c3299
• Opcode Fuzzy Hash: 246a5c76ce1967c7f8ed694851bf7142be689ab18f397778a9e380cc951d9803
• Instruction Fuzzy Hash: 995159B5A00219EFCB14DF68C894EAAB7F8FF89310B158559E905DB354EB34E912CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00A98BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00A98BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00A98C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00A98C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00A98C5F
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 7d865445e0bca52a9190957e9e231c57967214f6716f8b28372f3ba23ca0e831
• Instruction ID: 37f447386cacf8f674d674b1beaa327051761070cfdd15450182c4e2567b157e
• Opcode Fuzzy Hash: 7d865445e0bca52a9190957e9e231c57967214f6716f8b28372f3ba23ca0e831
• Instruction Fuzzy Hash: 4B511835A002159FCB05DF64D981A6DBBF5BF49314F088468E84AAB362DB35ED51CB90
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00AA8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00AA8FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00AA8FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00AA9032
• FreeLibrary.KERNEL32(00000000), ref: 00AA9052
  • Part of subcall function 00A3F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00A91043,?,75C0E610), ref: 00A3F6E6
  • Part of subcall function 00A3F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00A7FA64,00000000,00000000,?,?,00A91043,?,75C0E610,?,00A7FA64), ref: 00A3F70D
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 89aa6c6d532c9cfaf08c0264a8d60be60bedd861d321ea5b247f84cc7ced8a86
• Instruction ID: cbdc7731b93ca0a9904068af085e355cedcdd7ab6d1111f80d49e0647516962f
• Opcode Fuzzy Hash: 89aa6c6d532c9cfaf08c0264a8d60be60bedd861d321ea5b247f84cc7ced8a86
• Instruction Fuzzy Hash: A9512C35600215DFC715DF58C5848AEBBF1FF49324F0481A9E806AB3A2DB31ED86CB91
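The blocks above are Joe Sandbox's per-function API listings, and when a report runs to thousands of them the useful triage step is to pull the call chain out of each block programmatically. The following Python parser is an added example for this page, not Joe Sandbox code: it splits the text export at each bare "APIs" line, collects the call lines (including the indented "Part of subcall function" entries) and the bulleted metadata fields, strips the "Download File" link label that the HTML export glues onto dump names, and flags blocks that pair LoadLibrary* with GetProcAddress, the pattern behind the report's "Contains functionality to dynamically determine API calls" signature. SAMPLE is excerpted verbatim from two blocks on this page; the class and function names (ApiCall, FunctionBlock, parse_report, api_chain, resolves_apis_dynamically) are my own.

```python
"""Parser for the per-function "APIs" blocks of a Joe Sandbox text export.
Added example for this report page, not Joe Sandbox code. SAMPLE is excerpted
from the report; every name defined here is my own."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Matches call lines such as
#   • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00AA8F40
#   • VariantClear.OLEAUT32 ref: 00A88C3E                       (no argument list)
#     • Part of subcall function 00A3F6C9: WideCharToMultiByte.KERNEL32(...), ref: 00A3F6E6
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<func>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
# Matches metadata bullets such as "• API ID: Variant$Clear$ChangeInitType".
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[^:]+?):\s*(?P<value>.*?)\s*$")
LINK_RESIDUE = "Download File"  # link label the HTML export appends to dump names


@dataclass
class ApiCall:
    func: str
    module: str
    args: tuple
    ref: str                       # address of the call site
    subcall: Optional[str] = None  # set when the call sits in a nested function


@dataclass
class FunctionBlock:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)  # key -> list of values (keys repeat)

    def first(self, key, default=""):
        return self.fields.get(key, [default])[0]


def parse_report(text):
    """Split the export into FunctionBlocks; each begins at a bare 'APIs' line."""
    blocks, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = FunctionBlock()
            blocks.append(cur)
            continue
        if cur is None:          # text before the first block is ignored
            continue
        m = API_LINE.match(line)
        if m:
            args = tuple(a.strip() for a in (m["args"] or "").split(",") if a.strip())
            cur.calls.append(ApiCall(m["func"], m["module"], args, m["ref"], m["sub"]))
            continue
        m = FIELD_LINE.match(line)
        if m:
            value = m["value"]
            if value.endswith(LINK_RESIDUE):
                value = value[: -len(LINK_RESIDUE)].rstrip()
            cur.fields.setdefault(m["key"], []).append(value)
    return blocks


def api_chain(block):
    """Call sequence of one function in report order, as 'Func.MODULE' strings."""
    return [f"{c.func}.{c.module}" for c in block.calls]


def resolves_apis_dynamically(block):
    """LoadLibrary* and GetProcAddress inside one function: the pattern behind the
    report's 'dynamically determine API calls' signature."""
    funcs = {c.func for c in block.calls}
    loaders = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}
    return bool(funcs & loaders) and "GetProcAddress" in funcs


# Excerpt of two blocks from this report (Variant handling, then LoadLibrary/GetProcAddress).
SAMPLE = """\
APIs
• VariantInit.OLEAUT32(?), ref: 00A88BCD
• VariantClear.OLEAUT32 ref: 00A88C3E
• VariantClear.OLEAUT32 ref: 00A88C9D
• VariantClear.OLEAUT32(?), ref: 00A88D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00A88D3B
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00AA8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00AA8FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00AA8FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00AA9032
• FreeLibrary.KERNEL32(00000000), ref: 00AA9052
  • Part of subcall function 00A3F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00A91043,?,75C0E610), ref: 00A3F6E6
Memory Dump Source
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• API String ID: 666041331-0
"""

if __name__ == "__main__":
    for b in parse_report(SAMPLE):
        flag = "  <- dynamic API resolution" if resolves_apis_dynamically(b) else ""
        print(b.first("API ID"), "->", " / ".join(api_chain(b)), flag)
```

Run against a full export saved as text, the same parser gives one FunctionBlock per listed function; the "API ID" field is Joe Sandbox's own compact tag for the chain and is a convenient key for grouping, while resolves_apis_dynamically is the kind of block-level predicate worth extending (for example to the clipboard, keystroke or BlockInput calls named in the signature list) when triaging which functions deserve a look in the disassembler.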
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00AB6C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00AB6C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00AB6C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00A9AB79,00000000,00000000), ref: 00AB6C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00AB6CC7
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: f6d4d3f01a7b2fe5b2c53890ad181bd9561dffbc982c4708e610c0e3a7b7c80c
• Instruction ID: ab3f6e2949ffd9141f8d0325bececf3972be7eccd3efcbc33e3a1f2296199084
• Opcode Fuzzy Hash: f6d4d3f01a7b2fe5b2c53890ad181bd9561dffbc982c4708e610c0e3a7b7c80c
• Instruction Fuzzy Hash: F741A135604104AFD724CF68CD58FE97FA9EB0A360F140268E995A72A2C379AD41DA90
APIs
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: cd3f4205060eabf973fb7634c99f6f74e6eb4688a75ea57f2c0bb03206c0ae05
• Instruction ID: 8ac05b1e4e234e31ca54d49ff2489708bd6f56e2b9da118b74127cb5be3a6b6d
• Opcode Fuzzy Hash: cd3f4205060eabf973fb7634c99f6f74e6eb4688a75ea57f2c0bb03206c0ae05
• Instruction Fuzzy Hash: 8641B232A00200AFCB24DFB8C981B5EB7B5FF8A325F154569E915EB392D731AD05CB80
APIs
• GetCursorPos.USER32(?), ref: 00A39141
• ScreenToClient.USER32(00000000,?), ref: 00A3915E
• GetAsyncKeyState.USER32(00000001), ref: 00A39183
• GetAsyncKeyState.USER32(00000002), ref: 00A3919D
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: d4bb26fce40a0117175ff6f9934fb20dc282a5abb86e8b6d02a7235334ebee0a
• Instruction ID: 298edfc606b49f0839dc23afe0ee4d925b370f7cbca381dc4528d22dffe53e63
• Opcode Fuzzy Hash: d4bb26fce40a0117175ff6f9934fb20dc282a5abb86e8b6d02a7235334ebee0a
• Instruction Fuzzy Hash: 70414D31A0861ABBDF159F64C848BEEB774FB05320F20832AF429A72A1C7706950CF91
APIs
• GetInputState.USER32 ref: 00A938CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00A93922
• TranslateMessage.USER32(?), ref: 00A9394B
• DispatchMessageW.USER32(?), ref: 00A93955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00A93966
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: 91c03c93353bd05faf9ffcba6bb9f127bf4a0819a909b37924eb7bf3876a87c1
• Instruction ID: 945c00f5af6e92e0ffadead7e98c16a205df1ddbbae5709346be39de808449fb
• Opcode Fuzzy Hash: 91c03c93353bd05faf9ffcba6bb9f127bf4a0819a909b37924eb7bf3876a87c1
• Instruction Fuzzy Hash: 2131F572B04341DEEF35CBB49868FB637F8AB11300F04466DE466C61A0E7F4AA86CB11
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00A9C21E,00000000), ref: 00A9CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 00A9CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,00A9C21E,00000000), ref: 00A9CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00A9C21E,00000000), ref: 00A9CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00A9C21E,00000000), ref: 00A9CFF2
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 433f6fc56b3a68aa3553fb5e94c725cb6a92a11b06a1925b4b64e87e02cd2cb5
• Instruction ID: 3d9f0e524807668576269e9105487c8abd50f3abf001b960841283adf6f5a0c2
• Opcode Fuzzy Hash: 433f6fc56b3a68aa3553fb5e94c725cb6a92a11b06a1925b4b64e87e02cd2cb5
• Instruction Fuzzy Hash: 74313971A04B05EFDF20DFA5C988EABBBF9EB14365B10442EF516D2151EB30AE41DB60
APIs
• GetWindowRect.USER32(?,?), ref: 00A81915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00A819C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 00A819C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00A819DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00A819E2
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 4c15a33f330599f31c3ccabb38b6bfc5cdd90b93245124a8f7c7c5cef988ae5e
• Instruction ID: 45fae58bda5a2d6a776dee2e53aaf323528771df5ae8ebb60ddf1cdce75cb841
• Opcode Fuzzy Hash: 4c15a33f330599f31c3ccabb38b6bfc5cdd90b93245124a8f7c7c5cef988ae5e
• Instruction Fuzzy Hash: 9C31BF71A00219EFCB00DFA8CD99EEE3BB9EB04325F104329F961A72D1D7B09955CB90
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00AB5745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 00AB579D
• _wcslen.LIBCMT ref: 00AB57AF
• _wcslen.LIBCMT ref: 00AB57BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00AB5816
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 763830540-0
                                                                                                                                                                                                                          • Opcode ID: 6bad71f852f011a6079ebd286d275037a61f5a555e412891591b78b6f10ef1e6
                                                                                                                                                                                                                          • Instruction ID: f73fff669581cd393c1ce8df02f428be17b295594c44976bac964f551c50f147
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6bad71f852f011a6079ebd286d275037a61f5a555e412891591b78b6f10ef1e6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 85216F75D04618AADB209FB0CC85BEE77BCFF44724F108616E929AA182D7749986CF50
APIs
• IsWindow.USER32(00000000), ref: 00AA0951
• GetForegroundWindow.USER32 ref: 00AA0968
• GetDC.USER32(00000000), ref: 00AA09A4
• GetPixel.GDI32(00000000,?,00000003), ref: 00AA09B0
• ReleaseDC.USER32(00000000,00000003), ref: 00AA09E8
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: 4ac077471a64053ae144cdf82a6acda2dfa6dcc7890513e554145907de70cebf
• Instruction ID: d54de60497d365c650d85dc83722b7e03fb12fe7865170427529d377bcc8817e
• Opcode Fuzzy Hash: 4ac077471a64053ae144cdf82a6acda2dfa6dcc7890513e554145907de70cebf
• Instruction Fuzzy Hash: C1218135600214AFD704EFA9D995EAEBBF9EF49710F048168F85A97762CB30AC05CB50
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00A5CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00A5CDE9
  • Part of subcall function 00A53820: RtlAllocateHeap.NTDLL(00000000,?,00AF1444,?,00A3FDF5,?,?,00A2A976,00000010,00AF1440,00A213FC,?,00A213C6,?,00A21129), ref: 00A53852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00A5CE0F
• _free.LIBCMT ref: 00A5CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00A5CE31
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 45aaab6c00982ea23f889e9a4bf87ee3e5b048a546f5875c6f1e22ecfdf8bcf8
• Instruction ID: 3ece49be362751a0857ab69592f8f366f5d5cd6368eecae0585bb978992a3851
• Opcode Fuzzy Hash: 45aaab6c00982ea23f889e9a4bf87ee3e5b048a546f5875c6f1e22ecfdf8bcf8
• Instruction Fuzzy Hash: 740124726013117FA32157BA6C8AC7B6A6CFEC2FB23140229FD01D7215EA308D0681B0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A39693
• SelectObject.GDI32(?,00000000), ref: 00A396A2
• BeginPath.GDI32(?), ref: 00A396B9
• SelectObject.GDI32(?,00000000), ref: 00A396E2
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 98224c890e8c3372cd55bda66e495f2b85bf9e4a703714bfc17be92b696f21bd
• Instruction ID: 12387a2b78e07917a66717fa47d9b0855b84ee579ccbb8ef075168dd9c40745a
• Opcode Fuzzy Hash: 98224c890e8c3372cd55bda66e495f2b85bf9e4a703714bfc17be92b696f21bd
• Instruction Fuzzy Hash: D0213A70802205EBDB11DFE9ED99BBA7BA8BB50365F104216F814A61B1D3F09892CFD4
APIs
• GetSysColor.USER32(00000008), ref: 00A398CC
• SetTextColor.GDI32(?,?), ref: 00A398D6
• SetBkMode.GDI32(?,00000001), ref: 00A398E9
• GetStockObject.GDI32(00000005), ref: 00A398F1
• GetWindowLongW.USER32(?,000000EB), ref: 00A39952
Similarity
• API ID: Color$LongModeObjectStockTextWindow
• String ID:
• API String ID: 1860813098-0
• Opcode ID: d10f54d69af288632bb4e4138baf2f6d1247e8d1b0344aa5a77875f80c4e0f95
• Instruction ID: 43252e1ac169bc5ecb3a4ae43988ab97cd3f60af4a6f4eadd4c2a6dc0cb396e6
• Opcode Fuzzy Hash: d10f54d69af288632bb4e4138baf2f6d1247e8d1b0344aa5a77875f80c4e0f95
• Instruction Fuzzy Hash: 8E113832146250AFC7128FA5ECA5FEB3B74EF57721B180299F5429B1B2C7B10941CB91
APIs
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _memcmp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2931989736-0
                                                                                                                                                                                                                          • Opcode ID: 9565ece18430bb6172264a7dc4083bb41df3e75c04d35e9fa833aa41dc84e3cb
                                                                                                                                                                                                                          • Instruction ID: 82043ded9c635bf57ba4cf361f33a2248fc4329fcdebf7ec6474641f43f0c085
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9565ece18430bb6172264a7dc4083bb41df3e75c04d35e9fa833aa41dc84e3cb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B01B579A41609BFE6086620DE82FFB735CAF61394F448830FD04AE242F760FD5083A4
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00A4F2DE,00A53863,00AF1444,?,00A3FDF5,?,?,00A2A976,00000010,00AF1440,00A213FC,?,00A213C6), ref: 00A52DFD
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52E32
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52E59
                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00A21129), ref: 00A52E66
                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00A21129), ref: 00A52E6F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3170660625-0
                                                                                                                                                                                                                          • Opcode ID: 5e1f9cae3ef93b1d37f82e2e118186ea307ed20f439bb8820cbd9a4d69a2e035
                                                                                                                                                                                                                          • Instruction ID: 00239c068fcc9eab5b58e85461320ddc35551e8e852b3f998617941d836b991e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e1f9cae3ef93b1d37f82e2e118186ea307ed20f439bb8820cbd9a4d69a2e035
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4301F932105A0067C61267B47D47F6B2A69BBD33B7B254129FC21A7293EE349C0E4320
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A7FF41,80070057,?,?,?,00A8035E), ref: 00A8002B
                                                                                                                                                                                                                          • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A7FF41,80070057,?,?), ref: 00A80046
                                                                                                                                                                                                                          • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A7FF41,80070057,?,?), ref: 00A80054
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A7FF41,80070057,?), ref: 00A80064
                                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00A7FF41,80070057,?,?), ref: 00A80070
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3897988419-0
                                                                                                                                                                                                                          • Opcode ID: 1fc3c4a5178761c4a95e68c15a2a8099beb9d6f1c2d81b35ac5951669985293e
                                                                                                                                                                                                                          • Instruction ID: c0f675b9374d4be17d82016e9df6530ef5b6b81800666bc77929657e43da436a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fc3c4a5178761c4a95e68c15a2a8099beb9d6f1c2d81b35ac5951669985293e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53018B72600204BFDB51AFA8DC04FAA7AFDEF447A2F144224F905D6221E771DD459BA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00A8E997
                                                                                                                                                                                                                          • QueryPerformanceFrequency.KERNEL32(?), ref: 00A8E9A5
                                                                                                                                                                                                                          • Sleep.KERNEL32(00000000), ref: 00A8E9AD
                                                                                                                                                                                                                          • QueryPerformanceCounter.KERNEL32(?), ref: 00A8E9B7
                                                                                                                                                                                                                          • Sleep.KERNEL32 ref: 00A8E9F3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2833360925-0
                                                                                                                                                                                                                          • Opcode ID: 0754e66b696db1ffff329b6374941b8571214a5d2c676365424754f96e55705c
                                                                                                                                                                                                                          • Instruction ID: 0a79194addd729ea386120318c7128a82eb7c31374be4543d8ba878a13e624a3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0754e66b696db1ffff329b6374941b8571214a5d2c676365424754f96e55705c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1015331C01629DBCF00EBE9ED49AEDFB78BB08311F000646E942B2252CB7096528BA1
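The QueryPerformanceCounter / QueryPerformanceFrequency / Sleep / QueryPerformanceCounter chain in this entry is the building block of the execution-timing check that the report's signature list flags ("Contains functionality for execution timing, often used to detect debuggers"). In a binary that is likely a compiled AutoIt script it may equally be the runtime's own timer helper, so the API chain on its own is not proof of evasion; what a reverser wants to confirm is whether the measured delay is compared against the requested one and whether the verdict steers control flow. The C program below is an added editor's illustration of that check, not code recovered from file.exe: it measures how long a requested sleep actually took and classifies the deviation. The thresholds, the three-way verdict and the function names are assumptions; on Windows it calls the real APIs, elsewhere clock_gettime/nanosleep stand in so the decision logic can be exercised anywhere.

```c
/* Added editor's illustration of a Sleep-based execution-timing check (the API
 * chain listed above). Not the sample's code; thresholds are assumptions. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <time.h>
#endif

/* High-resolution monotonic clock in milliseconds. On Windows this is the
 * QueryPerformanceCounter/QueryPerformanceFrequency pair from the listing. */
static double now_ms(void)
{
#ifdef _WIN32
    LARGE_INTEGER counter, freq;
    QueryPerformanceCounter(&counter);
    QueryPerformanceFrequency(&freq);
    return (double)counter.QuadPart * 1000.0 / (double)freq.QuadPart;
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (double)ts.tv_sec * 1000.0 + (double)ts.tv_nsec / 1e6;
#endif
}

/* The delay whose real duration is measured (Sleep in the listing). */
static void sleep_ms(unsigned ms)
{
#ifdef _WIN32
    Sleep(ms);
#else
    struct timespec ts = { ms / 1000, (long)(ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);
#endif
}

/* Pure decision on the measured delay, kept separate so it can be tested
 * without sleeping:
 *   0  elapsed is within tolerance of the request (looks like bare metal)
 *   1  elapsed far exceeds the request (single-stepping or a breakpoint
 *      in a debugger stretches wall-clock time)
 *  -1  elapsed is shorter than the request (Sleep skipped or accelerated,
 *      a common sandbox optimisation) */
int classify_delay(double elapsed_ms, double requested_ms, double tolerance_ms)
{
    if (elapsed_ms + tolerance_ms < requested_ms)
        return -1;
    if (elapsed_ms > requested_ms + tolerance_ms)
        return 1;
    return 0;
}

/* End-to-end check: timestamp, sleep, timestamp, classify. */
int timing_check(unsigned requested_ms, double tolerance_ms)
{
    double start = now_ms();
    sleep_ms(requested_ms);
    double elapsed = now_ms() - start;
    return classify_delay(elapsed, (double)requested_ms, tolerance_ms);
}

int main(void)
{
    /* 50 ms request, 40 ms slack: verdict 0 on an idle host, 1 under a
     * debugger stepping through sleep_ms, -1 where Sleep is patched out. */
    printf("verdict=%d\n", timing_check(50, 40.0));
    return 0;
}
```

When triaging the real function, look for the comparison and the branch that follows the second QueryPerformanceCounter: a timer helper consumes the delta, an evasion check branches on it. Note that a generous tolerance is needed in practice, since scheduler jitter alone can stretch a short Sleep by several milliseconds.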
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00A81114
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,?,?,00A80B9B,?,?,?), ref: 00A81120
                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00A80B9B,?,?,?), ref: 00A8112F
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00A80B9B,?,?,?), ref: 00A81136
                                                                                                                                                                                                                          • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00A8114D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 842720411-0
                                                                                                                                                                                                                          • Opcode ID: 08f1d0142abf22e3560f4b26f233e3593fecaa745bcbb96ac80b83ddf0a70df8
                                                                                                                                                                                                                          • Instruction ID: 2f9f2676bb8148be5120c4a6c522d6921ca790c244d195d3c7dfabeb09b95c66
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08f1d0142abf22e3560f4b26f233e3593fecaa745bcbb96ac80b83ddf0a70df8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32016D75100205BFDB119FA4DC4DEAA3B6EEF85364B100519FA41D7361DA31DC418B60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A80FCA
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A80FD6
                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A80FE5
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A80FEC
                                                                                                                                                                                                                          • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A81002
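This entry and the GetUserObjectSecurity entry just above show the same Win32 idiom: call the query with an empty buffer, read GetLastError, allocate from the process heap, call again. The constants on the stack fit that reading: GetTokenInformation's second argument 00000002 is TOKEN_INFORMATION_CLASS value TokenGroups, and GetUserObjectSecurity's 00000004 is DACL_SECURITY_INFORMATION. The C program below is an added editor's example of the idiom, not code from file.exe. It drives the real GetTokenInformation(TokenGroups) when built on Windows; elsewhere a constructed fake_token with the same ERROR_INSUFFICIENT_BUFFER contract stands in, so the helper's error handling can be exercised. The helper's names, the fake_token type and its payload are assumptions made for this illustration.

```c
/* Added editor's example of the probe-then-allocate idiom seen in the
 * GetUserObjectSecurity and GetTokenInformation entries. Not the sample's code. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Documented Win32 error codes, defined locally so the helper also builds
 * where <windows.h> is absent. */
#define WIN_ERROR_ACCESS_DENIED        5u
#define WIN_ERROR_NOT_ENOUGH_MEMORY    8u
#define WIN_ERROR_INSUFFICIENT_BUFFER  122u

/* Contract mirroring GetTokenInformation/GetUserObjectSecurity: nonzero on
 * success; on failure *err holds the GetLastError-style code and, when the
 * buffer was too small, *needed holds the required byte count. */
typedef int (*sized_query_fn)(void *ctx, void *buf, uint32_t len,
                              uint32_t *needed, uint32_t *err);

/* The two-call idiom. Returns a malloc'ed result (caller frees) or NULL with
 * *err_out set. Only ERROR_INSUFFICIENT_BUFFER on the probe means "allocate
 * and retry"; any other code (access denied, bad handle) is surfaced rather
 * than silently becoming an empty result, which is the bug to look for in
 * hand-written versions of this pattern. */
void *query_sized(sized_query_fn fn, void *ctx, uint32_t *out_len, uint32_t *err_out)
{
    uint32_t needed = 0, err = 0;
    *out_len = 0;
    *err_out = 0;
    if (fn(ctx, NULL, 0, &needed, &err))      /* empty probe succeeded: nothing to fetch */
        return NULL;
    if (err != WIN_ERROR_INSUFFICIENT_BUFFER || needed == 0) {
        *err_out = err;
        return NULL;
    }
    void *buf = malloc(needed);                /* HeapAlloc(GetProcessHeap(), ...) in the listing */
    if (buf == NULL) {
        *err_out = WIN_ERROR_NOT_ENOUGH_MEMORY;
        return NULL;
    }
    uint32_t got = 0;
    if (!fn(ctx, buf, needed, &got, &err)) {   /* second call with the sized buffer */
        free(buf);
        *err_out = err;
        return NULL;
    }
    *out_len = got;
    return buf;
}

/* Constructed stand-in for a token (not a real Windows object): an opaque
 * payload whose length the probe has to discover, plus an optional forced
 * error to exercise the non-122 path. */
typedef struct { const uint8_t *blob; uint32_t blob_len; uint32_t forced_err; } fake_token;

int fake_query(void *ctx, void *buf, uint32_t len, uint32_t *needed, uint32_t *err)
{
    fake_token *t = (fake_token *)ctx;
    if (t->forced_err) { *err = t->forced_err; return 0; }
    *needed = t->blob_len;
    if (buf == NULL || len < t->blob_len) { *err = WIN_ERROR_INSUFFICIENT_BUFFER; return 0; }
    memcpy(buf, t->blob, t->blob_len);
    return 1;
}

/* Constructed payload standing in for a TOKEN_GROUPS blob. */
static const uint8_t demo_blob[40] = { 0x01, 0x00, 0x00, 0x00, 0xAA, 0xBB };

/* Round trip through the idiom: 1 if the whole payload came back intact. */
int demo_fake_roundtrip(void)
{
    fake_token t = { demo_blob, (uint32_t)sizeof demo_blob, 0 };
    uint32_t len = 0, err = 0;
    void *p = query_sized(fake_query, &t, &len, &err);
    int ok = p != NULL && err == 0 && len == sizeof demo_blob &&
             memcmp(p, demo_blob, sizeof demo_blob) == 0;
    free(p);
    return ok;
}

/* Access denied on the probe must surface as that error with no buffer and
 * zero length; returns the code the helper reported. */
uint32_t demo_denied_error(void)
{
    fake_token t = { demo_blob, (uint32_t)sizeof demo_blob, WIN_ERROR_ACCESS_DENIED };
    uint32_t len = 0, err = 0;
    void *p = query_sized(fake_query, &t, &len, &err);
    return (p == NULL && len == 0) ? err : 0;
}

#ifdef _WIN32
/* Real callee: TokenGroups is TOKEN_INFORMATION_CLASS 2, the value in the listing. */
static int win_token_groups(void *ctx, void *buf, uint32_t len, uint32_t *needed, uint32_t *err)
{
    DWORD ret = 0;
    BOOL ok = GetTokenInformation((HANDLE)ctx, TokenGroups, buf, (DWORD)len, &ret);
    *needed = (uint32_t)ret;
    if (!ok) *err = (uint32_t)GetLastError();
    return ok ? 1 : 0;
}
#endif

int main(void)
{
#ifdef _WIN32
    HANDLE tok;
    uint32_t len = 0, err = 0;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return 1;
    void *groups = query_sized(win_token_groups, (void *)tok, &len, &err);
    printf("TokenGroups: %u bytes (error %u)\n", len, err);
    free(groups);
    CloseHandle(tok);
#else
    printf("roundtrip ok=%d, denied err=%u\n", demo_fake_roundtrip(), demo_denied_error());
#endif
    return 0;
}
```

Seeing this chain in a function listing is therefore ordinary API hygiene rather than a behaviour on its own; what the surrounding code does with the returned TOKEN_GROUPS or DACL (for instance feeding it to the RunAs / elevated-launch paths the report flags elsewhere) is what decides whether it matters.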
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 44706859-0
                                                                                                                                                                                                                          • Opcode ID: 63e5ac3a81ee00e35a4f9c79e9173ebb52b6d7425a61f871450474aeb079327c
                                                                                                                                                                                                                          • Instruction ID: a8aecb93f1b4fe04071efb7125223f1f0d11044a76d8c994ed25ae213279edb8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63e5ac3a81ee00e35a4f9c79e9173ebb52b6d7425a61f871450474aeb079327c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17F04975600311ABDB21AFA8AC49F563BADEF89762F104525FA46D6262CA70DC428A60
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 00A8102A
• GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00A81036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00A81045
• HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 00A8104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00A81062
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 34c9bbf78834fe1c41e645520011feca0d889318323d5b37718d67e1889372ae
• Instruction ID: fb6dc422acaeb63bc28a1445532f3d4cdaea4e2e12784f197a5331c70c0536fc
• Opcode Fuzzy Hash: 34c9bbf78834fe1c41e645520011feca0d889318323d5b37718d67e1889372ae
• Instruction Fuzzy Hash: 9EF06D75200311EBDB21AFE8EC49F573BADFF89761F500525FA45D7262CA70D8428B60
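The two GetTokenInformation functions above follow the standard two-call idiom: query with TokenInformationLength set to 0, read GetLastError (expected ERROR_INSUFFICIENT_BUFFER), allocate the returned size from the process heap, then query again. The second parameter is the TOKEN_INFORMATION_CLASS, which the trace prints as a raw hex argument, sometimes with the IDA plugin's own enum annotation in parentheses. Per winnt.h, 0x2 is TokenGroups, 0x3 is TokenPrivileges and TokenIntegrityLevel is 0x19, so an annotation should be checked against the SDK value rather than trusted. The following Python script is an added example for reading traces like this one; it is not part of the Joe Sandbox report or its tooling. It parses lines in the report's `Api.MODULE(args), ref: ADDR` format (the regex is my assumption about that format), decodes the class value against a hand-written subset of the winnt.h enum, compares it with any annotation the line carries, and flags the probe/allocate/re-query idiom. The sample input is the API lines of the two token-query functions as the plugin emitted them.

```python
"""Decode GetTokenInformation calls from Joe Sandbox API-trace lines.

Added example; not part of Joe Sandbox or of the analysed sample. The enum
table is a hand-written subset of winnt.h; the line regex is an assumption
about the report's trace format.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# TOKEN_INFORMATION_CLASS values from winnt.h (subset). The trace prints the
# class as a raw hex argument, so decoding must use these SDK values.
TOKEN_INFORMATION_CLASS = {
    1: "TokenUser", 2: "TokenGroups", 3: "TokenPrivileges", 4: "TokenOwner",
    5: "TokenPrimaryGroup", 6: "TokenDefaultDacl", 7: "TokenSource",
    8: "TokenType", 9: "TokenImpersonationLevel", 10: "TokenStatistics",
    12: "TokenSessionId", 18: "TokenElevationType", 19: "TokenLinkedToken",
    20: "TokenElevation", 25: "TokenIntegrityLevel",
}

# One trace line looks like "• Api.MODULE(arg,arg,...), ref: ADDR". Lines
# without an argument list (e.g. "_free.LIBCMT ref: ...") are skipped.
_CALL_RE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# A recovered argument is 8 hex digits, optionally followed by the plugin's
# enum annotation, e.g. "00000003(TokenIntegrityLevel)". "?" means unrecovered.
_ARG_RE = re.compile(r"^(?P<hex>[0-9A-Fa-f]{8})(?:\((?P<label>\w+)\))?$")

# Sample input: the API lines of the two token-query functions in this report,
# as emitted by the plugin.
SAMPLE_TRACE = [
    "• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00A80FCA",
    "• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00A80FD6",
    "• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00A80FE5",
    "• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00A80FEC",
    "• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00A81002",
    "• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A8102A",
    "• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A81036",
    "• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A81045",
    "• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A8104C",
    "• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A81062",
]


@dataclass
class Call:
    api: str
    module: str
    args: List[str]
    ref: int


@dataclass
class TokenQuery:
    ref: int                     # address of the first GetTokenInformation call
    class_value: int
    class_name: str              # name according to winnt.h
    report_label: Optional[str]  # annotation the trace carried, if any
    label_matches: bool          # False when the annotation disagrees with winnt.h
    two_call_idiom: bool         # length 0 probe -> GetLastError -> HeapAlloc -> re-query


def parse_call(line: str) -> Optional[Call]:
    m = _CALL_RE.match(line)
    if m is None:
        return None
    args = [a.strip() for a in m.group("args").split(",")]
    return Call(m.group("api"), m.group("mod"), args, int(m.group("ref"), 16))


def decode_token_class(arg: str) -> Optional[Tuple[int, Optional[str], str]]:
    """Return (value, trace annotation, winnt.h name) for a class argument."""
    m = _ARG_RE.match(arg)
    if m is None:
        return None
    value = int(m.group("hex"), 16)
    return value, m.group("label"), TOKEN_INFORMATION_CLASS.get(value, "Unknown(%d)" % value)


def analyze_token_queries(lines: List[str]) -> List[TokenQuery]:
    calls = [c for c in (parse_call(line) for line in lines) if c is not None]
    out: List[TokenQuery] = []
    i = 0
    while i < len(calls):
        c = calls[i]
        decoded = None
        if c.api == "GetTokenInformation" and len(c.args) >= 5:
            decoded = decode_token_class(c.args[1])
        if decoded is None:
            i += 1
            continue
        value, label, name = decoded
        probe = c.args[3] == "00000000"  # TokenInformationLength passed as 0
        # Scan to the next GetTokenInformation; the idiom needs GetLastError and
        # HeapAlloc in between and the same class on the re-query.
        between = set()
        j = i + 1
        requery = False
        while j < len(calls):
            n = calls[j]
            if n.api == "GetTokenInformation":
                d = decode_token_class(n.args[1]) if len(n.args) > 1 else None
                requery = d is not None and d[0] == value
                break
            between.add(n.api)
            j += 1
        idiom = probe and requery and {"GetLastError", "HeapAlloc"} <= between
        out.append(TokenQuery(c.ref, value, name, label, label is None or label == name, idiom))
        i = j + 1 if idiom else i + 1  # the re-query belongs to this idiom, skip it
    return out


if __name__ == "__main__":
    for q in analyze_token_queries(SAMPLE_TRACE):
        flag = "" if q.label_matches else " (annotation '%s' disagrees with winnt.h)" % q.report_label
        print("%08X class 0x%X = %s%s, two-call idiom: %s"
              % (q.ref, q.class_value, q.class_name, flag, q.two_call_idiom))
```

Run as a script, it reports the 0x2 query as TokenGroups and the 0x3 query as TokenPrivileges with the plugin's annotation flagged, and marks both functions as the two-call idiom. The same parser can be pointed at any function's API list in the report; only the enum table needs extending to decode other enum-valued arguments.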
APIs
• CloseHandle.KERNEL32(?,?,?,?,00A9017D,?,00A932FC,?,00000001,00A62592,?), ref: 00A90324
• CloseHandle.KERNEL32(?,?,?,?,00A9017D,?,00A932FC,?,00000001,00A62592,?), ref: 00A90331
• CloseHandle.KERNEL32(?,?,?,?,00A9017D,?,00A932FC,?,00000001,00A62592,?), ref: 00A9033E
• CloseHandle.KERNEL32(?,?,?,?,00A9017D,?,00A932FC,?,00000001,00A62592,?), ref: 00A9034B
• CloseHandle.KERNEL32(?,?,?,?,00A9017D,?,00A932FC,?,00000001,00A62592,?), ref: 00A90358
• CloseHandle.KERNEL32(?,?,?,?,00A9017D,?,00A932FC,?,00000001,00A62592,?), ref: 00A90365
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
• Opcode ID: 1b887152815f020a54b06e2b07aa61726b0323d66198f85caa3dad083d69c136
• Instruction ID: ac031054644b8330c026f9582837ab60fff8ff9798dae357822aecac8dfeac38
• Opcode Fuzzy Hash: 1b887152815f020a54b06e2b07aa61726b0323d66198f85caa3dad083d69c136
• Instruction Fuzzy Hash: 9201EE72900B019FCB30AF6AD880803FBF9BF603553048A3FD19692931C3B0A948CF80
APIs
• _free.LIBCMT ref: 00A5D752
  • Part of subcall function 00A529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000), ref: 00A529DE
  • Part of subcall function 00A529C8: GetLastError.KERNEL32(00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000,00000000), ref: 00A529F0
• _free.LIBCMT ref: 00A5D764
• _free.LIBCMT ref: 00A5D776
• _free.LIBCMT ref: 00A5D788
• _free.LIBCMT ref: 00A5D79A
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 9247443d2fcd6cf0f9b2d50afb6bbd6d461381d9ea898133eaa3a8c590457258
• Instruction ID: 1e7fc3152e31e893107f91ee108ad88a7b424ad6186815651d797afb1e53dbb3
• Opcode Fuzzy Hash: 9247443d2fcd6cf0f9b2d50afb6bbd6d461381d9ea898133eaa3a8c590457258
• Instruction Fuzzy Hash: 0FF01232544248EBC635EBA8FAC5D567BDDBB497227A40C05F858EB603C730FC858764
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00A85C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00A85C6F
• MessageBeep.USER32(00000000), ref: 00A85C87
• KillTimer.USER32(?,0000040A), ref: 00A85CA3
• EndDialog.USER32(?,00000001), ref: 00A85CBD
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: e7483c014418cd559e7f78b9cb237f00cc10330fa568d2a8e3008c6dfe1d439b
• Instruction ID: 443cb7eaba59a051c8546cd4873eada6706fb8f2a4df7c456448447b440db3e2
• Opcode Fuzzy Hash: e7483c014418cd559e7f78b9cb237f00cc10330fa568d2a8e3008c6dfe1d439b
• Instruction Fuzzy Hash: 72018B705007049BEB256B60DD5EFA577B8BB00705F001659A583614F1DBF099959F50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A522BE
                                                                                                                                                                                                                            • Part of subcall function 00A529C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000), ref: 00A529DE
                                                                                                                                                                                                                            • Part of subcall function 00A529C8: GetLastError.KERNEL32(00000000,?,00A5D7D1,00000000,00000000,00000000,00000000,?,00A5D7F8,00000000,00000007,00000000,?,00A5DBF5,00000000,00000000), ref: 00A529F0
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A522D0
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A522E3
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A522F4
                                                                                                                                                                                                                          • _free.LIBCMT ref: 00A52305
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                                                                          • Opcode ID: cea86d5ae63f5c2d4e69297e4a64612cca9cfb4d86ec60e37ea4c9b2ff4d23cf
                                                                                                                                                                                                                          • Instruction ID: 2ab60db35741ab6c2efd21d0e1610e914885b0d2344ae8717b4bd04f5087b7b6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cea86d5ae63f5c2d4e69297e4a64612cca9cfb4d86ec60e37ea4c9b2ff4d23cf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8F03A74800120DBCA12EFD8BD41EAC7B64B75A762B00055AF820E63B3C7310817EFE4
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 00A395D4
                                                                                                                                                                                                                          • StrokeAndFillPath.GDI32(?,?,00A771F7,00000000,?,?,?), ref: 00A395F0
                                                                                                                                                                                                                          • SelectObject.GDI32(?,00000000), ref: 00A39603
                                                                                                                                                                                                                          • DeleteObject.GDI32 ref: 00A39616
                                                                                                                                                                                                                          • StrokePath.GDI32(?), ref: 00A39631
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2625713937-0
                                                                                                                                                                                                                          • Opcode ID: d58759883f4e58e0642f21035c838b586d7d89114dee5a87be3b7ffa4f12abb0
                                                                                                                                                                                                                          • Instruction ID: 3ad4ae23337ba2bc3e5c21d324d662d9c37b9282d088eb23b628553c83538e89
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d58759883f4e58e0642f21035c838b586d7d89114dee5a87be3b7ffa4f12abb0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F01930006204EBDB12EFE9ED58B7A3B65AB10332F448314F465550F1C7B08996DFA0
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: 693295f2614f9e832e77034bcbe6aba22f23f4231e33fb12cd038220f53a6325
• Instruction ID: a691776a77bc43f0dd27cfb373c334ab6234bf24f4438052782b5173dcc152a6
• Opcode Fuzzy Hash: 693295f2614f9e832e77034bcbe6aba22f23f4231e33fb12cd038220f53a6325
• Instruction Fuzzy Hash: FFD13671900206DACB649F68C8A5BFEB7B0FF05722F28026DED019F691D3759D88CB91
APIs
  • Part of subcall function 00A40242: EnterCriticalSection.KERNEL32(00AF070C,00AF1884,?,?,00A3198B,00AF2518,?,?,?,00A212F9,00000000), ref: 00A4024D
  • Part of subcall function 00A40242: LeaveCriticalSection.KERNEL32(00AF070C,?,00A3198B,00AF2518,?,?,?,00A212F9,00000000), ref: 00A4028A
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00A400A3: __onexit.LIBCMT ref: 00A400A9
• __Init_thread_footer.LIBCMT ref: 00AA7BFB
  • Part of subcall function 00A401F8: EnterCriticalSection.KERNEL32(00AF070C,?,?,00A38747,00AF2514), ref: 00A40202
  • Part of subcall function 00A401F8: LeaveCriticalSection.KERNEL32(00AF070C,?,00A38747,00AF2514), ref: 00A40235
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
• String ID: 5$G$Variable must be of type 'Object'.
• API String ID: 535116098-3733170431
• Opcode ID: 632197f2e317de8990588c0cf15033ee78398c2091b552740965081a88e1562c
• Instruction ID: d80dd4bc2fbac29afe80ec57710286f15446b467154b626d5a95b2bf53682d56
• Opcode Fuzzy Hash: 632197f2e317de8990588c0cf15033ee78398c2091b552740965081a88e1562c
• Instruction Fuzzy Hash: CB918B75A04209EFCB14EF98D991DBEB7B1FF4A300F108059F906AB292DB71AE45CB51
APIs
  • Part of subcall function 00A8B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A821D0,?,?,00000034,00000800,?,00000034), ref: 00A8B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00A82760
  • Part of subcall function 00A8B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A821FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00A8B3F8
  • Part of subcall function 00A8B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00A8B355
  • Part of subcall function 00A8B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00A82194,00000034,?,?,00001004,00000000,00000000), ref: 00A8B365
  • Part of subcall function 00A8B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00A82194,00000034,?,?,00001004,00000000,00000000), ref: 00A8B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A827CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A8281A
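The API chain listed directly above (GetWindowThreadProcessId, OpenProcess with access mask 00000438, VirtualAllocEx, WriteProcessMemory, SendMessageW with message IDs 00001104 and 00001111, ReadProcessMemory) is worth decoding rather than reading as bare numbers, because the same alloc/write primitives also appear in process injection. The following script is an added example, not code from the report, from Joe Sandbox or from the analysed sample. It takes the report's own API lines (copied verbatim as a constructed fixture), decodes the access mask, the VirtualAllocEx flags and the message IDs with constant values taken from the Windows SDK headers (winnt.h and commctrl.h), and reports whether the full OpenProcess/VirtualAllocEx/WriteProcessMemory/SendMessageW/ReadProcessMemory chain is present. The dictionary keys, the regex and the summary structure are this example's own choices, not anything the report defines.

```python
"""Decode the cross-process control-read chain in a Joe Sandbox API block.

Added example, not code from the report or the analysed sample. It parses
the report's "Api.Module(args), ref: addr" lines (constructed fixture copied
from the block above), decodes the OpenProcess access mask, the
VirtualAllocEx flags and the SendMessageW message IDs with Windows SDK
constants, and flags the OpenProcess -> VirtualAllocEx -> WriteProcessMemory
-> SendMessageW -> ReadProcessMemory chain. Tree-view and list-view messages
whose lParam is a pointer need that struct in the target's address space, so
a cross-process sender must allocate, write, send and read back; this is how
AutoIt's ControlTreeView/ControlListView read another window's control.
"""
import re
from typing import Dict, List, Optional

# Constructed fixture: API lines copied verbatim from the report block above.
REPORT_LINES = """\
• Part of subcall function 00A8B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A821D0,?,?,00000034,00000800,?,00000034), ref: 00A8B42D
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00A82760
• Part of subcall function 00A8B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00A821FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00A8B3F8
• Part of subcall function 00A8B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00A8B355
• Part of subcall function 00A8B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00A82194,00000034,?,?,00001004,00000000,00000000), ref: 00A8B365
• Part of subcall function 00A8B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00A82194,00000034,?,?,00001004,00000000,00000000), ref: 00A8B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A827CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00A8281A
"""

# winnt.h process access rights (subset; enough to decode 0x438).
PROCESS_RIGHTS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
# commctrl.h: TV_FIRST = 0x1100, LVM_FIRST = 0x1000.
WINDOW_MESSAGES = {0x1104: "TVM_GETITEMRECT", 0x1111: "TVM_HITTEST",
                   0x1004: "LVM_GETITEMCOUNT", 0x1073: "LVM_GETITEMTEXTW"}
MEM_FLAGS = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
PAGE_PROTECT = {0x04: "PAGE_READWRITE", 0x40: "PAGE_EXECUTE_READWRITE"}
CHAIN = ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
         "SendMessageW", "ReadProcessMemory"]

LINE_RE = re.compile(
    r"(?:Part of subcall function (?P<caller>[0-9A-F]{8}): )?"
    r"(?P<api>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\), ref: (?P<ref>[0-9A-F]{8})")


def parse_api_lines(text: str) -> List[Dict]:
    """One record per API line; an unknown argument ('?') becomes None."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        args = [None if a == "?" else int(a, 16)
                for a in m["args"].split(",") if a]
        records.append({"api": m["api"], "module": m["module"], "args": args,
                        "ref": int(m["ref"], 16), "caller": m["caller"]})
    return records


def decode_access_mask(mask: int) -> List[str]:
    """Split a PROCESS_* desired-access mask into named rights."""
    names = [n for bit, n in PROCESS_RIGHTS.items() if mask & bit]
    unknown = mask & ~sum(PROCESS_RIGHTS)
    if unknown:
        names.append(f"UNKNOWN_0x{unknown:X}")
    return names


def decode_message(msg: int) -> str:
    return WINDOW_MESSAGES.get(msg, f"MSG_0x{msg:04X}")


def find_cross_process_control_read(records: List[Dict]) -> Optional[Dict]:
    """Summarise the chain if every stage of it is present, else None."""
    seen = {r["api"] for r in records}
    if any(api not in seen for api in CHAIN):
        return None
    open_proc = next(r for r in records if r["api"] == "OpenProcess")
    alloc = next(r for r in records if r["api"] == "VirtualAllocEx")
    mask = open_proc["args"][0] if open_proc["args"] else None
    alloc_args = alloc["args"] + [None] * 5  # pad so indexing is safe
    msgs = {decode_message(r["args"][1]) for r in records
            if r["api"] == "SendMessageW" and len(r["args"]) > 1
            and r["args"][1] is not None}
    return {
        "rights": decode_access_mask(mask) if mask is not None else [],
        "alloc": (MEM_FLAGS.get(alloc_args[3], "?"),
                  PAGE_PROTECT.get(alloc_args[4], "?")),
        "messages": sorted(msgs),
        "refs": sorted(hex(r["ref"]) for r in records if r["api"] in CHAIN),
    }


if __name__ == "__main__":
    print(find_cross_process_control_read(parse_api_lines(REPORT_LINES)))
```

On these lines the mask decodes to PROCESS_VM_OPERATION, PROCESS_VM_READ, PROCESS_VM_WRITE and PROCESS_QUERY_INFORMATION, the allocation is MEM_COMMIT with PAGE_READWRITE, and the messages are TVM_GETITEMRECT and TVM_HITTEST; the stack values 00001004 and 00001073 visible in the OpenProcess and ReadProcessMemory frames decode to LVM_GETITEMCOUNT and LVM_GETITEMTEXTW, so the same helpers serve list-view reads. The points to check before calling this injection are the ones the script surfaces: no PROCESS_CREATE_THREAD in the mask, no executable page protection, and no CreateRemoteThread in the chain. With those absent it is a cross-process control read, which still matters for a credential-stealing sample because it lets the script read the contents of another application's list and tree controls.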
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
• Opcode ID: 5173e7c8b94c771706e8785fec61fda82881efa421cfed65dde5c52fcb9da1ed
• Instruction ID: 059488a69368eec72d31b412e89e8d0a623396ec8f20385f3c8fd40479d1d46a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5173e7c8b94c771706e8785fec61fda82881efa421cfed65dde5c52fcb9da1ed
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67410972900218AFDB10EFA4C956FEEBBB8EB09700F104095EA55B7191DA706E45CBA1

APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00A51769
• _free.LIBCMT ref: 00A51834
• _free.LIBCMT ref: 00A5183E
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\file.exe
• API String ID: 2506810119-4010620828
• Opcode ID: 871ff06324b74e54552ca4fe0a06806da2331af9a026177799a2b7a330889eec
• Instruction ID: c49b4e0c2212fc09428a9fb64cdb0bdf2b0cfd52f00879be9b3a8b44d8a4d1c2
• Opcode Fuzzy Hash: 871ff06324b74e54552ca4fe0a06806da2331af9a026177799a2b7a330889eec
• Instruction Fuzzy Hash: 39316E75A00218EFDB21DBD99D85EAEBBFCFB99311B144166FC0497211D6B08E49CB90

APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00A8C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 00A8C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00AF1990,010A52D8), ref: 00A8C395
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: ab59f3b6bed8d2d7b8a2b715b0641d112ce56e6ebda8160b767c160c4687ff9f
• Instruction ID: 16f66e78b5e1f6b13a9d51dfcc05b9fa8fafca6ab67f50f6fb611700272fd46d
• Opcode Fuzzy Hash: ab59f3b6bed8d2d7b8a2b715b0641d112ce56e6ebda8160b767c160c4687ff9f
• Instruction Fuzzy Hash: 62419F712043019FD724EF29D884B5ABBE4EF85320F148A2DF9A59B2D1D730E906DF62

APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00ABCC08,00000000,?,?,?,?), ref: 00AB44AA
• GetWindowLongW.USER32 ref: 00AB44C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AB44D7
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: 9f7930abf71df9020ae526c5a329cd956b4c13842cec45affc3af941e60fdc3a
• Instruction ID: 021af1f45331d428acd95796bd460c2236ad161b780ca43546d70dcd2486d089
• Opcode Fuzzy Hash: 9f7930abf71df9020ae526c5a329cd956b4c13842cec45affc3af941e60fdc3a
• Instruction Fuzzy Hash: 56316B31210605AFDB219F78DC45FEA7BA9EB09334F204725F979921E2D770EC619B60

APIs
  • Part of subcall function 00AA335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00AA3077,?,?), ref: 00AA3378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00AA307A
• _wcslen.LIBCMT ref: 00AA309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 00AA3106
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Opcode ID: 31332bab7645909a45f873d969dbe866b3b0576beafcb18dd9cc17807f90ed50
• Instruction ID: b9aa134fc3836db7b8f6578ddb1efe3039b5942a2dd9f0ad70c5b01297ce8286
• Opcode Fuzzy Hash: 31332bab7645909a45f873d969dbe866b3b0576beafcb18dd9cc17807f90ed50
• Instruction Fuzzy Hash: CA31923A6042059FCF10CF68C585E6A77E0EF56314F248159F9158B3D2DB71DE45C761

APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00AB3F40
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00AB3F54
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00AB3F78
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
• Opcode ID: e3b986f760928e73a7fcd12ad1106c80dc665f6c174fdeadf7b0b7fc09ab3b0c
• Instruction ID: e79101559c131f2587fa64010b60ca35c82a0bcd8ca1cc183fa10072837bceb4
• Opcode Fuzzy Hash: e3b986f760928e73a7fcd12ad1106c80dc665f6c174fdeadf7b0b7fc09ab3b0c
• Instruction Fuzzy Hash: E221AB33600219BBDF21CFA4DC46FEA3B79EB48724F110214FA156B191D6B5A851CBA0
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00AB4705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00AB4713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00AB471A
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: 4a7682ba2d1db995f47315e2c4a28f55ca8b6cc2d98433af186e93c4b7d0dff0
• Instruction ID: 086bcaf3753e1926c08f9dd623a147ecf92b5ebec2e50f78d8ba4e7893ebb43f
• Opcode Fuzzy Hash: 4a7682ba2d1db995f47315e2c4a28f55ca8b6cc2d98433af186e93c4b7d0dff0
• Instruction Fuzzy Hash: 462160B5600208AFEB10DF68DCD1DB737ADEB5E3A4B040159FA009B262DB71EC52DA60
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: 52f29c992f8f6115289b2d77638716d65610a3edd072f3ff6db0407886a779db
• Instruction ID: 12d82825be10a53ccace951b18f03aaa5be5e09c8cf08533a57d89fdedd4ac25
• Opcode Fuzzy Hash: 52f29c992f8f6115289b2d77638716d65610a3edd072f3ff6db0407886a779db
• Instruction Fuzzy Hash: FF215732204620AAD335BB28ED02FBB73ECAF91300F18443AF94997082FB55EE45C395
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00AB3840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00AB3850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00AB3876
Strings
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: bca69e549ed63bed8d9bf1c26f10c2f6b4e3a501a984a09e4c85ee8ff6313f6c
• Instruction ID: 9338b7e83b93093eb8f12929ab5d17cfd71590c66945a7488d429fdb1c909617
• Opcode Fuzzy Hash: bca69e549ed63bed8d9bf1c26f10c2f6b4e3a501a984a09e4c85ee8ff6313f6c
• Instruction Fuzzy Hash: 37218B72610218BBEF21CFA5DC85EFB376EEF89760F118124F9059B191CA75DC528BA0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00A94A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00A94A5C
• SetErrorMode.KERNEL32(00000000,?,?,00ABCC08), ref: 00A94AD0
Strings
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 97d7e352d67ea7f88be66dc2815f31f3f80e0f73ceb28fa1557e83dcc58cf321
• Instruction ID: 6babdce6b214dd66f3e64437ae6765ed290be3cb93cf947f1f99e37bbfbaafbd
• Opcode Fuzzy Hash: 97d7e352d67ea7f88be66dc2815f31f3f80e0f73ceb28fa1557e83dcc58cf321
• Instruction Fuzzy Hash: 5B317371A00108AFDB10DF58C985EAA7BF8EF08318F1440A5F505EB262D771ED46CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00AB424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00AB4264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00AB4271
Strings
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: dc4ceeaf2261ec996719d77ac9d685980af9d1d979ea4e4300184e40d1f34710
• Instruction ID: 95fe6810ff550fa7aa5c6496509a78eb9614d043d34d1cfb2bf6dd66a01a0048
• Opcode Fuzzy Hash: dc4ceeaf2261ec996719d77ac9d685980af9d1d979ea4e4300184e40d1f34710
• Instruction Fuzzy Hash: 0E11E371240248BEEF209F69CC06FEB3BACEF99B64F010624FA55E20A2D271DC119B50
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A26B57: _wcslen.LIBCMT ref: 00A26B6A
                                                                                                                                                                                                                            • Part of subcall function 00A82DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A82DC5
                                                                                                                                                                                                                            • Part of subcall function 00A82DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A82DD6
                                                                                                                                                                                                                            • Part of subcall function 00A82DA7: GetCurrentThreadId.KERNEL32 ref: 00A82DDD
                                                                                                                                                                                                                            • Part of subcall function 00A82DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A82DE4
                                                                                                                                                                                                                          • GetFocus.USER32 ref: 00A82F78
                                                                                                                                                                                                                            • Part of subcall function 00A82DEE: GetParent.USER32(00000000), ref: 00A82DF9
                                                                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000100), ref: 00A82FC3
                                                                                                                                                                                                                          • EnumChildWindows.USER32(?,00A8303B), ref: 00A82FEB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                          • String ID: %s%d
                                                                                                                                                                                                                          • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                          • Opcode ID: 2e20a0d3bb46aaa2ea71dc9a182e79aacba5ce51a6471300858435471d34a61a
                                                                                                                                                                                                                          • Instruction ID: 1c96632aadc0318999e1664c90ca4814e9eef5a97f79dfd432886df2bee1e330
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2e20a0d3bb46aaa2ea71dc9a182e79aacba5ce51a6471300858435471d34a61a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6411B1766002056BCF15BFB49D95FFE3B6AAF94314F048075F9099B292DE309A4A8B70
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AB58C1
                                                                                                                                                                                                                          • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00AB58EE
                                                                                                                                                                                                                          • DrawMenuBar.USER32(?), ref: 00AB58FD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                          • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                          • Opcode ID: 8f3d6abe2c97133f94380642ff062077a06b01617507b9dc9b6589c132fceb3a
                                                                                                                                                                                                                          • Instruction ID: 6929449a48ba8193bd45223827ec88b0076d938e4105bda080d5094f4b6f04c5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f3d6abe2c97133f94380642ff062077a06b01617507b9dc9b6589c132fceb3a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1016D31900218EFDB219F61DC44FEEBBB9FB45360F1480AAF849D6162DB308A94DF21
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00A7D3BF
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32 ref: 00A7D3E5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                          • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                          • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                          • Opcode ID: f17b0c8388a2f6da9a8957bcc6aba764ebb422db51b9b319f18b99d6f1d5ebba
                                                                                                                                                                                                                          • Instruction ID: a2b5b6d48f45692e57021ddcd0dad69558de524ff08a503c510147da2e57297e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f17b0c8388a2f6da9a8957bcc6aba764ebb422db51b9b319f18b99d6f1d5ebba
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBF0AB32802A20EBD37143148C54EED7338AF00B02F55C714F80EF9057EB60CD4282D2
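The function blocks above (the AttachThreadInput / GetFocus / EnumChildWindows chain and the GetProcAddress lookup of GetSystemWow64DirectoryW) are the unit an analyst pivots on when triaging a Joe Sandbox export: the API list says what the function does, and the Instruction Fuzzy Hash is the key for finding the same function in other reports. The parser below is an added example written for this page, not Joe Sandbox tooling; it reads the plain-text block layout exactly as it appears here (APIs, Strings, Memory Dump Source, Joe Sandbox IDA Plugin, Similarity) and applies two triage rules that are my own heuristics, not report signatures. The embedded sample is constructed from two of the blocks above, with the export's indentation and "Download File" link labels stripped.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: two function blocks in the shape of the report export.
SAMPLE = """\
APIs
  • Part of subcall function 00A82DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A82DC5
  • Part of subcall function 00A82DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A82DD6
  • Part of subcall function 00A82DA7: GetCurrentThreadId.KERNEL32 ref: 00A82DDD
  • Part of subcall function 00A82DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A82DE4
• GetFocus.USER32 ref: 00A82F78
• EnumChildWindows.USER32(?,00A8303B), ref: 00A82FEB
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• Instruction Fuzzy Hash: 6411B1766002056BCF15BFB49D95FFE3B6AAF94314F048075F9099B292DE309A4A8B70
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00A7D3BF
• FreeLibrary.KERNEL32 ref: 00A7D3E5
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• Instruction Fuzzy Hash: DBF0AB32802A20EBD37143148C54EED7338AF00B02F55C714F80EF9057EB60CD4282D2
"""

SECTIONS = ("APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")

# "• [Part of subcall function ADDR: ]Name.MODULE[(args)][,] ref: ADDR"
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
SRC_RE = re.compile(r"^•\s*Source File:\s*(?P<file>\S+),\s*Offset:\s*(?P<off>[0-9A-Fa-f]+)")


@dataclass
class ApiCall:
    name: str
    module: str
    args: str
    ref: str
    subcall: Optional[str]  # callee address when the call happens inside a subcall


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    source_file: str = ""
    offset: str = ""
    snapshot: str = ""
    similarity: dict = field(default_factory=dict)

    @property
    def fuzzy_hash(self) -> str:
        return self.similarity.get("Instruction Fuzzy Hash", "")

    def api_names(self) -> set:
        return {a.name for a in self.apis}


def _clean(line: str) -> str:
    # Exported pages carry deep indentation and a fused "Download File" link label.
    line = line.strip()
    if line.endswith("Download File"):
        line = line[: -len("Download File")].rstrip()
    return line


def parse_blocks(text: str) -> list:
    """Split the export into one FunctionRecord per function block."""
    records, current, section = [], None, -1
    for raw in text.splitlines():
        line = _clean(raw)
        if not line:
            continue
        if line in SECTIONS:
            idx = SECTIONS.index(line)
            if current is None or idx <= section:  # header order restarted: new function
                current = FunctionRecord()
                records.append(current)
            section = idx
            continue
        if current is None:
            continue  # stray text before the first header
        if section == 0:
            m = API_RE.match(line)
            if m:
                current.apis.append(ApiCall(m["name"], m["mod"], m["args"] or "", m["ref"], m["sub"]))
        elif section == 1:
            current.strings.append(line.lstrip("• ").strip())
        elif section == 2:
            m = SRC_RE.match(line)
            if m:
                current.source_file, current.offset = m["file"], m["off"]
        elif section == 3:
            m = KV_RE.match(line)
            if m and m["key"] == "Snapshot File":
                current.snapshot = m["val"]
        elif section == 4:
            m = KV_RE.match(line)
            if m:
                current.similarity[m["key"]] = m["val"]
    return records


# Own triage heuristics (assumption, not Joe Sandbox signatures):
# (label, API names that must all be present, substrings that must appear in some call's arguments)
TRIAGE_RULES = (
    ("attaches to a foreign window's input queue (AttachThreadInput)",
     {"AttachThreadInput", "GetWindowThreadProcessId", "GetCurrentThreadId"}, ()),
    ("resolves GetSystemWow64DirectoryW at run time (WOW64 / 64-bit host check)",
     {"GetProcAddress"}, ("GetSystemWow64DirectoryW",)),
)


def triage(records: list) -> list:
    """Return (instruction fuzzy hash, [matched labels]) for every record hitting a rule."""
    out = []
    for rec in records:
        names, all_args = rec.api_names(), " ".join(a.args for a in rec.apis)
        labels = [label for label, need, subs in TRIAGE_RULES
                  if need <= names and all(s in all_args for s in subs)]
        if labels:
            out.append((rec.fuzzy_hash, labels))
    return out


if __name__ == "__main__":
    for h, labels in triage(parse_blocks(SAMPLE)):
        print(h[:16], "->", "; ".join(labels))
```

The fuzzy hash returned by `triage` is what you would feed back into a report search to find the same function in other samples; the rules are deliberately conjunctive (all listed APIs in one function) so that a lone `GetCurrentThreadId` or `GetProcAddress` does not fire.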
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c8a2b780aa5baabe7517d4db4b8ac1fc8c931dda603181471a7269f613f0707a
                                                                                                                                                                                                                          • Instruction ID: db5093fe4c532e0b3f8a28573768c2a922896a9658bca907f52013843feef000
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8a2b780aa5baabe7517d4db4b8ac1fc8c931dda603181471a7269f613f0707a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67C16875A0020AAFDB54DFA8C888EAEB7B5FF48314F218598E505EF251D770EE45CB90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1036877536-0
                                                                                                                                                                                                                          • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                          • Instruction ID: 246cbe646ff071c0ce3b464f63921c0e43544fefbe7a3a720103e6acfa0aecd4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03A15972D007869FEB15CF18C8917AEBBF4FF69395F28426DE9459B281C2388989C750
APIs
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: d1ff03e77337b3571efbd0432562e0c0047630dac505bb3c1d024a1934e37ae7
• Instruction ID: 55f22fd433b76fc898128229bd7f3a5dccf5dd85777ee88f9ebcb8c0503e58fc
• Opcode Fuzzy Hash: d1ff03e77337b3571efbd0432562e0c0047630dac505bb3c1d024a1934e37ae7
• Instruction Fuzzy Hash: C8A13C756043119FCB00DF28D585A2EB7E5FF89714F148859F98A9B3A2DB30EE01CB91
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00ABFC08,?), ref: 00A805F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00ABFC08,?), ref: 00A80608
• CLSIDFromProgID.OLE32(?,?,00000000,00ABCC40,000000FF,?,00000000,00000800,00000000,?,00ABFC08,?), ref: 00A8062D
• _memcmp.LIBVCRUNTIME ref: 00A8064E
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: 640712b83a6a520d2168dafc9934aedbed491151786c2ed2098c064231af91cd
• Instruction ID: 58d102f66a9f60f3f12c9c395b80791688470d9851eb2b523c0d7fc4b3887866
• Opcode Fuzzy Hash: 640712b83a6a520d2168dafc9934aedbed491151786c2ed2098c064231af91cd
• Instruction Fuzzy Hash: 03811D71A00109EFCB44DFD4C984DEEB7B9FF89315F244568E506AB250DB71AE0ACB60
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00AAA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 00AAA6BA
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
• Process32NextW.KERNEL32(00000000,?), ref: 00AAA79C
• CloseHandle.KERNEL32(00000000), ref: 00AAA7AB
  • Part of subcall function 00A3CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00A63303,?), ref: 00A3CE8A
Similarity
• API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
• String ID:
• API String ID: 1991900642-0
• Opcode ID: ce9ef2e5f04686a79662d0fbf1e39868b53093b1b41d3b398c7ca62da64c9594
• Instruction ID: 710ff541ca2bf5a26254af913c452c2cf07e2bc14266cb4348f765d72eb90a42
• Opcode Fuzzy Hash: ce9ef2e5f04686a79662d0fbf1e39868b53093b1b41d3b398c7ca62da64c9594
• Instruction Fuzzy Hash: 73514E71508310AFD710EF28D986E6BBBE8FF99754F00492DF595972A2EB30D904CB92
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
• Opcode ID: bba654181ab21a33156b9aa660fe60f3dc2d74551f0a6cd5846081861ee17e75
• Instruction ID: df9290431ffad95034ef768128d8efacb90feb42078aab4d0fb2c3bc69912867
• Opcode Fuzzy Hash: bba654181ab21a33156b9aa660fe60f3dc2d74551f0a6cd5846081861ee17e75
• Instruction Fuzzy Hash: F9412F75A00510ABDB21BBFD9D4A6BE3EB4FF81370F1C4225F819D7292EA7488415361
APIs
• GetWindowRect.USER32(?,?), ref: 00AB62E2
• ScreenToClient.USER32(?,?), ref: 00AB6315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00AB6382
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: c1c72446a5daab89e6465780d936ead488f839628006172075180b63b5706621
• Instruction ID: 98a706af9fb6df2b87cedf724bf91130bcd5f70194f85bc4aa070125a67f4a65
• Opcode Fuzzy Hash: c1c72446a5daab89e6465780d936ead488f839628006172075180b63b5706621
• Instruction Fuzzy Hash: 6F511A74A00209EFDB10DF68D9809EE7BF9FB55360F108269F9159B2A2D774ED81CB90
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00AA1AFD
• WSAGetLastError.WSOCK32 ref: 00AA1B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00AA1B8A
• WSAGetLastError.WSOCK32 ref: 00AA1B94
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLast$socket
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1881357543-0
                                                                                                                                                                                                                          • Opcode ID: 27471a26cdd631a9f9b5270a1e15200c7f2c233f3c7d5e0951307c658cd947e2
                                                                                                                                                                                                                          • Instruction ID: 8e55e5d6ee6ca265841bfebb000005d1d02485e37e1152959551a258cab21217
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27471a26cdd631a9f9b5270a1e15200c7f2c233f3c7d5e0951307c658cd947e2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA41B034600210AFE720EF24D986F2A77E5AF49718F548458F91A9F7D3D772ED428BA0
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 87dc3880c412e4ecb72849aa466c15fb46383c6c52371238ebb35b81af6fc1d5
• Instruction ID: b40b160e2d6c8a4b5247245c0303c2b6ad8c68c8c8eb8741932886735c714cb9
• Opcode Fuzzy Hash: 87dc3880c412e4ecb72849aa466c15fb46383c6c52371238ebb35b81af6fc1d5
• Instruction Fuzzy Hash: E3412975A10304BFD7249F38CD41BAABBF9FB88712F20852EF902DB281D371994587A0
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00A95783
• GetLastError.KERNEL32(?,00000000), ref: 00A957A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00A957CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00A957FA
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: b6c0a7fe958f31e45d462f840d12755aae6ec2bd9b5ac12bb519c5a2a7727656
• Instruction ID: bd24e53fc78b50d6409c4dca3eda5d32278fd59138aa7c60d9bdecaf3c7b9123
• Opcode Fuzzy Hash: b6c0a7fe958f31e45d462f840d12755aae6ec2bd9b5ac12bb519c5a2a7727656
• Instruction Fuzzy Hash: 01412F35600610DFCF11EF59D545A5EBBE1EF49720B18C498E84A6B362CB30FD01DB91
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00A46D71,00000000,00000000,00A482D9,?,00A482D9,?,00000001,00A46D71,8BE85006,00000001,00A482D9,00A482D9), ref: 00A5D910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A5D999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00A5D9AB
• __freea.LIBCMT ref: 00A5D9B4
  • Part of subcall function 00A53820: RtlAllocateHeap.NTDLL(00000000,?,00AF1444,?,00A3FDF5,?,?,00A2A976,00000010,00AF1440,00A213FC,?,00A213C6,?,00A21129), ref: 00A53852
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: 2fe86ef4c16929967105f5f2634b61bd199aae43b8182bb32af62136b55e4297
• Instruction ID: 5868a297cc2091d471e546248e8e575af931d60b93489657302e519c997ace1a
• Opcode Fuzzy Hash: 2fe86ef4c16929967105f5f2634b61bd199aae43b8182bb32af62136b55e4297
• Instruction Fuzzy Hash: AE31B072A0020AEBDF24DF64DC41EAE7BA5EB41311B154268FC04E7161EB35DD59CB90
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00AB5352
• GetWindowLongW.USER32(?,000000F0), ref: 00AB5375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00AB5382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00AB53A8
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
• Opcode ID: 1d568df5531822a99214c9185d0b47d252bc8dfcd5a98fde68dca9a68c7311a4
• Instruction ID: a7fa67dd5955c6f1700bf9a32b1696168a2216d820985ca7eb3d730169c9d434
• Opcode Fuzzy Hash: 1d568df5531822a99214c9185d0b47d252bc8dfcd5a98fde68dca9a68c7311a4
• Instruction Fuzzy Hash: 9631BE34E55A08EFEB249B64CC65FE837E9AB05390F584102FA119A3E2C7B59981AB41
APIs
• GetKeyboardState.USER32(?,75A4C0D0,?,00008000), ref: 00A8ABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 00A8AC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 00A8AC74
• SendInput.USER32(00000001,?,0000001C,75A4C0D0,?,00008000), ref: 00A8ACC6
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 4853492e6c8e9588731241e482152fcc899a47a11c4df8ee4afe78765b5141f0
• Instruction ID: 0db59f899334c005df87d25abc3367da592c0165e1cc5d74538370e0c1e0d331
• Opcode Fuzzy Hash: 4853492e6c8e9588731241e482152fcc899a47a11c4df8ee4afe78765b5141f0
• Instruction Fuzzy Hash: E43107B0A407186FFF35EBA98C14BFA7BB5ABA9320F08431BE485921D1D37589858752
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00AB769A
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00AB7710
                                                                                                                                                                                                                          • PtInRect.USER32(?,?,00AB8B89), ref: 00AB7720
                                                                                                                                                                                                                          • MessageBeep.USER32(00000000), ref: 00AB778C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1352109105-0
                                                                                                                                                                                                                          • Opcode ID: 8e8e1165b4f4fd5911c3cde454692e8522e427934732690b881af6565b40ed11
                                                                                                                                                                                                                          • Instruction ID: e13cc3465dacb5453834319a7607e283d083cd54dafb484121eabd31b375605c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e8e1165b4f4fd5911c3cde454692e8522e427934732690b881af6565b40ed11
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 25416D34A09214DFCB11CF99C894EED7BF9FB89314F1541A8E4159B262CBB1E982CF90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00AB16EB
                                                                                                                                                                                                                            • Part of subcall function 00A83A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00A83A57
                                                                                                                                                                                                                            • Part of subcall function 00A83A3D: GetCurrentThreadId.KERNEL32 ref: 00A83A5E
                                                                                                                                                                                                                            • Part of subcall function 00A83A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00A825B3), ref: 00A83A65
                                                                                                                                                                                                                          • GetCaretPos.USER32(?), ref: 00AB16FF
                                                                                                                                                                                                                          • ClientToScreen.USER32(00000000,?), ref: 00AB174C
                                                                                                                                                                                                                          • GetForegroundWindow.USER32 ref: 00AB1752
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2759813231-0
                                                                                                                                                                                                                          • Opcode ID: b95743ceef4f4fed995b094413d3d9d5e3b1ea0a1c0d0ce2bd75c9f8e7b007b0
                                                                                                                                                                                                                          • Instruction ID: b600aa4d928fb1fb67842df35c237fb9a7a99ee982e7f0aeceec4163c0e7638a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b95743ceef4f4fed995b094413d3d9d5e3b1ea0a1c0d0ce2bd75c9f8e7b007b0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03313E71D00259AFCB04EFA9D981DEEBBFDEF48314B5080A9E415E7212DA319E45CBA0
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A27620: _wcslen.LIBCMT ref: 00A27625
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A8DFCB
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A8DFE2
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A8E00D
                                                                                                                                                                                                                          • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00A8E018
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _wcslen$ExtentPoint32Text
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3763101759-0
                                                                                                                                                                                                                          • Opcode ID: 84e68d45c6e3fafb011e0eb8dfd0a68b39784efaa78e54d474e0f7b2ccdf5f19
                                                                                                                                                                                                                          • Instruction ID: 9d82e824101e157f4d653f33f9b8954c7aa5e3007fc6edab1542d994afdd6f73
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 84e68d45c6e3fafb011e0eb8dfd0a68b39784efaa78e54d474e0f7b2ccdf5f19
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D21D175D40214EFCB20EFA8DA81BAEB7F8EF85750F104064F905BB286D6709E41CBA1
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00AB9001
                                                                                                                                                                                                                          • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00A77711,?,?,?,?,?), ref: 00AB9016
                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00AB905E
                                                                                                                                                                                                                          • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00A77711,?,?,?), ref: 00AB9094
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2864067406-0
                                                                                                                                                                                                                          • Opcode ID: 9edbebf9a746b3785a79d700eb5a36d6fe97233fcec7fa8d81aaca8c8f2f403e
                                                                                                                                                                                                                          • Instruction ID: e8dbd83358215bee84f3c62929079be6907b90a36eecce0f9a10d7fa3d501622
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9edbebf9a746b3785a79d700eb5a36d6fe97233fcec7fa8d81aaca8c8f2f403e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 57219F35600018EFCB25DF94C898EFB7FB9EB4A360F044155FA0547262C3719951EBA1
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?,00ABCB68), ref: 00A8D2FB
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00A8D30A
                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 00A8D319
                                                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00ABCB68), ref: 00A8D376
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: f6a476df6b473a2873307ec36f9cdfb88e2bcf322d8cb1069b6cd54ce103575e
• Instruction ID: 1eb5d260eda686a793ef65acc41956e53b240e472cd0b37e13b242caf9d516e8
• Opcode Fuzzy Hash: f6a476df6b473a2873307ec36f9cdfb88e2bcf322d8cb1069b6cd54ce103575e
• Instruction Fuzzy Hash: EF2180705042019FC700EF68D9818AEB7E8FE5A724F104A2DF499DB2E2E7309946CB93
APIs
  • Part of subcall function 00A81014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00A8102A
  • Part of subcall function 00A81014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00A81036
  • Part of subcall function 00A81014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A81045
  • Part of subcall function 00A81014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00A8104C
  • Part of subcall function 00A81014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00A81062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00A815BE
• _memcmp.LIBVCRUNTIME ref: 00A815E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00A81617
• HeapFree.KERNEL32(00000000), ref: 00A8161E
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: bfa539f2109f67cf6fab3afe5a125809453093f620ccd77a64db8cb40b1031ec
• Instruction ID: bfe776dfd061b03db5ac09baccd09935acaac9115caf23dcce98490ee07181f3
• Opcode Fuzzy Hash: bfa539f2109f67cf6fab3afe5a125809453093f620ccd77a64db8cb40b1031ec
• Instruction Fuzzy Hash: E3217C71E00109EFDF14EFA4C945BEEB7B8FF84354F184569E481AB251E730AA46CBA0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 00AB280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AB2824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00AB2832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00AB2840
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: b837007d5302820c7fe864cd4c97d9b54a5809b77350a60cedc0f4d51f2244f7
• Instruction ID: aac89e9b22dc9bec5f528b4722f72936c55143b48189a73e268393809b86039e
• Opcode Fuzzy Hash: b837007d5302820c7fe864cd4c97d9b54a5809b77350a60cedc0f4d51f2244f7
• Instruction Fuzzy Hash: 1421AF31204511AFD714DB68C845FAA7BA9AF85324F148259F4268B6E3CB71FC82CBE0
APIs
  • Part of subcall function 00A88D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00A8790A,?,000000FF,?,00A88754,00000000,?,0000001C,?,?), ref: 00A88D8C
  • Part of subcall function 00A88D7D: lstrcpyW.KERNEL32(00000000,?,?,00A8790A,?,000000FF,?,00A88754,00000000,?,0000001C,?,?,00000000), ref: 00A88DB2
  • Part of subcall function 00A88D7D: lstrcmpiW.KERNEL32(00000000,?,00A8790A,?,000000FF,?,00A88754,00000000,?,0000001C,?,?), ref: 00A88DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00A88754,00000000,?,0000001C,?,?,00000000), ref: 00A87923
• lstrcpyW.KERNEL32(00000000,?,?,00A88754,00000000,?,0000001C,?,?,00000000), ref: 00A87949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,00A88754,00000000,?,0000001C,?,?,00000000), ref: 00A87984
Strings
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: 40c4cf918343f10741658202da4539a563023ae413cc55cb61dbe8edc75264ca
• Instruction ID: 6034c98a8b01dcdeb8677bd6f9fa18cbe8170bcc11f9d15d14e8fe0328bcfdc1
• Opcode Fuzzy Hash: 40c4cf918343f10741658202da4539a563023ae413cc55cb61dbe8edc75264ca
• Instruction Fuzzy Hash: B211E93A200342AFCB15AF39D845D7E77A9FF45390B60412AF946CB265EF31D811C751
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00AB7D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00AB7D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00AB7D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00A9B7AD,00000000), ref: 00AB7D6B
  • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: d37a5361e5c41249eb7ab174af67f811b1261ba3df9b9bfa84efd5a5174745a9
• Instruction ID: f28e16195e22f1bd1c88ca5ff3c50e0f93d7aead10dfa62a8ee9f051473d5ecf
• Opcode Fuzzy Hash: d37a5361e5c41249eb7ab174af67f811b1261ba3df9b9bfa84efd5a5174745a9
• Instruction Fuzzy Hash: 50118E31604615AFCB10DFA8CC44EBA3BA9AF853A0F254724F839D72F2D7719951CB90
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 00AB56BB
• _wcslen.LIBCMT ref: 00AB56CD
• _wcslen.LIBCMT ref: 00AB56D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00AB5816
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00A81A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A81A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A81A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00A81A8A
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 00A8E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 00A8E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00A8E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00A8E24D
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
APIs
• CreateThread.KERNEL32(00000000,?,00A4CFF9,00000000,00000004,00000000), ref: 00A4D218
• GetLastError.KERNEL32 ref: 00A4D224
• __dosmaperr.LIBCMT ref: 00A4D22B
• ResumeThread.KERNEL32(00000000), ref: 00A4D249
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
APIs
  • Part of subcall function 00A39BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00A39BB2
• GetClientRect.USER32(?,?), ref: 00AB9F31
• GetCursorPos.USER32(?), ref: 00AB9F3B
• ScreenToClient.USER32(?,?), ref: 00AB9F46
• DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00AB9F7A
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4127811313-0
                                                                                                                                                                                                                          • Opcode ID: 10044cca9c03d86f8a21b25e070731fed2c39a7a807d04d2f0e211bd20791af7
                                                                                                                                                                                                                          • Instruction ID: 2bcd483048738c777c7cae8a2496638277f820c83b8e3cbfbcb64410a6a90caf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10044cca9c03d86f8a21b25e070731fed2c39a7a807d04d2f0e211bd20791af7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2711063290011AABDB10DFA8D985DFF77BDEB46321F000555FA11E3152D770BA82CBA1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A2604C
• GetStockObject.GDI32(00000011), ref: 00A26060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00A2606A
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 07c4323889e57524b5c80cce69e1a0d21bba68fc0a32bb3a0d33a2dc89876911
• Instruction ID: b5c76ad68243d467237166e6aac3d2e0abf981bbf5db29cc90d1883ffee7b8aa
• Opcode Fuzzy Hash: 07c4323889e57524b5c80cce69e1a0d21bba68fc0a32bb3a0d33a2dc89876911
• Instruction Fuzzy Hash: D511A172106518FFEF128FA8AC44EEA7B69FF09365F044211FA0452020D732DC60EBA0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00A43B56
  • Part of subcall function 00A43AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00A43AD2
  • Part of subcall function 00A43AA3: ___AdjustPointer.LIBCMT ref: 00A43AED
• _UnwindNestedFrames.LIBCMT ref: 00A43B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00A43B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00A43BA4
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: 7b5fc700a509c7c608b5c20ba19aa9706c14d1e22c8a34a99ea0d4907d665a19
• Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction Fuzzy Hash: 3701E937100149BBDF126F95CD46EEB7B69EF98754F044114FE4896121C732E961DBA0
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00A213C6,00000000,00000000,?,00A5301A,00A213C6,00000000,00000000,00000000,?,00A5328B,00000006,FlsSetValue), ref: 00A530A5
• GetLastError.KERNEL32(?,00A5301A,00A213C6,00000000,00000000,00000000,?,00A5328B,00000006,FlsSetValue,00AC2290,FlsSetValue,00000000,00000364,?,00A52E46), ref: 00A530B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00A5301A,00A213C6,00000000,00000000,00000000,?,00A5328B,00000006,FlsSetValue,00AC2290,FlsSetValue,00000000), ref: 00A530BF
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
• Opcode ID: c81aec4d9cfc43a333631fcc68e277580e8e1b4a45da3b3709d52d9720a3b988
• Instruction ID: 9f4cebd686c5e4b5d2c3f5b28eb229f83ea7131622513d79cf30bd824ec0f832
• Opcode Fuzzy Hash: c81aec4d9cfc43a333631fcc68e277580e8e1b4a45da3b3709d52d9720a3b988
• Instruction Fuzzy Hash: A201B533301322ABCF218BA8AC44D667798BF857B2B110720FD05E7192C731DD0AC6E0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00A8747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00A87497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00A874AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00A874CA
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: 2ca9f298e45d31e57075d4e8188f6560afd136a0e1c21d61c0ff2eae8129c187
• Instruction ID: 728497f4ba4801f87b1bee6b689380889c22e2f2c99dfe468d8eb417637a28aa
• Opcode Fuzzy Hash: 2ca9f298e45d31e57075d4e8188f6560afd136a0e1c21d61c0ff2eae8129c187
• Instruction Fuzzy Hash: 0411C4B52053109FE720EF58DC08F967FFCEB00B10F208569A656D6152D770E904DB60
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A8ACD3,?,00008000), ref: 00A8B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A8ACD3,?,00008000), ref: 00A8B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00A8ACD3,?,00008000), ref: 00A8B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A8ACD3,?,00008000), ref: 00A8B126
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 030f1faff70ab34d0cbdbb3b663738463c438a36a0f216fbefec2363f0a764a9
• Instruction ID: c0d2a7b23b19f8c34de4535d8e898748c285f3db1149cdba99e2a5b390233e44
• Opcode Fuzzy Hash: 030f1faff70ab34d0cbdbb3b663738463c438a36a0f216fbefec2363f0a764a9
• Instruction Fuzzy Hash: 7E116D31C1152CE7CF00EFE8E998AEEBF78FF09721F104286D981B6192CB3056518B61
APIs
• GetWindowRect.USER32(?,?), ref: 00AB7E33
• ScreenToClient.USER32(?,?), ref: 00AB7E4B
• ScreenToClient.USER32(?,?), ref: 00AB7E6F
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00AB7E8A
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: 5dab2e58e6801dd2052d3ac228e83f1f3229fef0178720780297ee2ab3ec14ba
• Instruction ID: 20c9f421d6837030aabc24b4a950ffe6b061d6fca67f42895409fab1db1f6b05
• Opcode Fuzzy Hash: 5dab2e58e6801dd2052d3ac228e83f1f3229fef0178720780297ee2ab3ec14ba
• Instruction Fuzzy Hash: 391156B9D0024AAFDB41CF98C8849EEBBF9FF08310F505166E915E3221D775AA55CF50
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00A82DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00A82DD6
• GetCurrentThreadId.KERNEL32 ref: 00A82DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00A82DE4
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
• Opcode ID: ce401c9d4c3db1a079b66b6bb5cb2f4e57846f2c2a6ceace9a15cca1fec97ca5
• Instruction ID: b36008e9ddc99dbce5d5c3f0098cdde2fb0aa10b591fcb298ede210049d23aa2
• Opcode Fuzzy Hash: ce401c9d4c3db1a079b66b6bb5cb2f4e57846f2c2a6ceace9a15cca1fec97ca5
• Instruction Fuzzy Hash: B9E0ED725012247BE7206BA69C0DFFB7F6DEB56BB1F401215B505D10A29AA58942C7B0
APIs
  • Part of subcall function 00A39639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00A39693
  • Part of subcall function 00A39639: SelectObject.GDI32(?,00000000), ref: 00A396A2
  • Part of subcall function 00A39639: BeginPath.GDI32(?), ref: 00A396B9
  • Part of subcall function 00A39639: SelectObject.GDI32(?,00000000), ref: 00A396E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00AB8887
• LineTo.GDI32(?,?,?), ref: 00AB8894
• EndPath.GDI32(?), ref: 00AB88A4
• StrokePath.GDI32(?), ref: 00AB88B2
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
• Opcode ID: 0b78e9282564224756f7f6c56d4120972eb675897ab23d82360b400d233b475d
• Instruction ID: 2ab25a069ef4cf705ef44fd5bbf55d59f7e5a8c505ab81d574a5a0087212f8b0
• Opcode Fuzzy Hash: 0b78e9282564224756f7f6c56d4120972eb675897ab23d82360b400d233b475d
• Instruction Fuzzy Hash: 8EF0DA36045259FBDB12AFD8AC0AFDA3A59AF06320F448200FA11650F2C7BA5552DFE5
APIs
• GetSysColor.USER32(00000008), ref: 00A398CC
• SetTextColor.GDI32(?,?), ref: 00A398D6
• SetBkMode.GDI32(?,00000001), ref: 00A398E9
• GetStockObject.GDI32(00000005), ref: 00A398F1
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Color$ModeObjectStockText
• String ID:
• API String ID: 4037423528-0
• Opcode ID: 9943a037e078873bdd380f6cd7bb7b1b67244e17cb70ab9bfe526043229a89aa
• Instruction ID: 91147873ef4b1ba09b271ab1bb14cbbbcc4ffd26745e23189ec4d8949f3a1781
• Opcode Fuzzy Hash: 9943a037e078873bdd380f6cd7bb7b1b67244e17cb70ab9bfe526043229a89aa
• Instruction Fuzzy Hash: 2CE06D31244280AADB219BB8BC09FED3F20AB12336F04C319F6FA680F2C37146419B20
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 00A81634
                                                                                                                                                                                                                          • OpenThreadToken.ADVAPI32(00000000,?,?,?,00A811D9), ref: 00A8163B
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00A811D9), ref: 00A81648
                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,?,?,?,00A811D9), ref: 00A8164F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: 89bb1ecae9382b76b6d7db4ebbe49bd31ceb723cb862f6968613c243e202383a
• Instruction ID: f02ce9b2f78037827924520e5b720dc93e6f757a0cf15a46305b27db03514ad7
• Opcode Fuzzy Hash: 89bb1ecae9382b76b6d7db4ebbe49bd31ceb723cb862f6968613c243e202383a
• Instruction Fuzzy Hash: 1FE08631601211DBD7207FE09D0DF863B7CBF447A5F184918F285C90A1E6344542C760
APIs
• GetDesktopWindow.USER32 ref: 00A7D858
• GetDC.USER32(00000000), ref: 00A7D862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A7D882
• ReleaseDC.USER32(?), ref: 00A7D8A3
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: cc096e4b915ad8e802ef2d20b1b7bcce7f686d97eeae8861d6f75e1bcdf570c0
• Instruction ID: 3688e849bf62ec20db126d9620fa36cfbdb19f6ec3804fdfd7dd0a8f46ad675e
• Opcode Fuzzy Hash: cc096e4b915ad8e802ef2d20b1b7bcce7f686d97eeae8861d6f75e1bcdf570c0
• Instruction Fuzzy Hash: 7CE01AB4C00204DFCB41EFE4D908E6DBBB1FB48320F109119F806E7261C7384902AF50
APIs
• GetDesktopWindow.USER32 ref: 00A7D86C
• GetDC.USER32(00000000), ref: 00A7D876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00A7D882
• ReleaseDC.USER32(?), ref: 00A7D8A3
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: a9b6e2ef4c2ef47990a1308a8faf56fb923558a15bcfe55a0589bee2f3113a41
• Instruction ID: 220cfa19d284fd5cb9dda4d341706c0f99628ccec377e56ee81751e8a22bbe7a
• Opcode Fuzzy Hash: a9b6e2ef4c2ef47990a1308a8faf56fb923558a15bcfe55a0589bee2f3113a41
• Instruction Fuzzy Hash: 27E012B4C00204EFCB40EFE8E908E6DBBB1BB48320F109108F80AE7261CB385902AF50
APIs
  • Part of subcall function 00A27620: _wcslen.LIBCMT ref: 00A27625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00A94ED4
Strings
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: 470191503432702850949376666412dfd8af8e6dc6e3831fff4d59dd9cc56d3f
• Instruction ID: 2f49434d7aa37388dfc232c49c10d8fb997643d96eca562bac0fae066c5c7c27
• Opcode Fuzzy Hash: 470191503432702850949376666412dfd8af8e6dc6e3831fff4d59dd9cc56d3f
• Instruction Fuzzy Hash: B1917F75A002159FCF14DF58C584EAABBF1BF48704F188099E80A9F762D735EE86CB90
APIs
• __startOneArgErrorHandling.LIBCMT ref: 00A4E30D
Strings
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: fa432627b7ca7f3a810537be0fd26ea7b1bd50cf917f2d7166f1bfc786100280
• Instruction ID: bf1384f8db586698ed6eb6eedaee1e0a2aae75eb9d571898f47116dfa10b36dd
• Opcode Fuzzy Hash: fa432627b7ca7f3a810537be0fd26ea7b1bd50cf917f2d7166f1bfc786100280
• Instruction Fuzzy Hash: E0517175A0C20296CB16FB14EA027BD3BB4FB80742F304958ECD5562E9DF358C999F86
Strings
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: 06e2cbc251c7b15d579c7c5f3b06bccda971b7966265dadc760466baf056d12b
• Instruction ID: 88e2807afa6095a24741ccb515a9bd6a17fe2604007d15c1198687922b410eac
• Opcode Fuzzy Hash: 06e2cbc251c7b15d579c7c5f3b06bccda971b7966265dadc760466baf056d12b
• Instruction Fuzzy Hash: 89513435600246DFDF19DFA8C881AFA7BA8EF19310F24C0A9F8959B2D0D6349D52CB90
APIs
• Sleep.KERNEL32(00000000), ref: 00A3F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 00A3F2BB
Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                          • Opcode ID: 5aa1564ee176b2b99b3f37a601b95192c22978da14b853520db73066752ed3f4
                                                                                                                                                                                                                          • Instruction ID: 617ce81a258ba942025f7dbdc55f596be80b65c49696db5fa72fa74212977900
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aa1564ee176b2b99b3f37a601b95192c22978da14b853520db73066752ed3f4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 95512771408744ABD320EF54E986BAFBBF8FB84710F81885DF1D9411A5EB708529CBA6
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00AA57E0
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00AA57EC
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                          • String ID: CALLARGARRAY
                                                                                                                                                                                                                          • API String ID: 157775604-1150593374
                                                                                                                                                                                                                          • Opcode ID: 8be1c049ac490b91041b11812b50e2ef7bf7f88e793d2af4ac66627476db5f76
                                                                                                                                                                                                                          • Instruction ID: 256eeebfd8f89489be7a275bedcd17805e6e3e1e7552f35d8ba6331660101194
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8be1c049ac490b91041b11812b50e2ef7bf7f88e793d2af4ac66627476db5f76
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8441AE31E002099FCB14DFB8C9819AEBBB5FF5A320F144029F505A7292E7349D81DBA4
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • _wcslen.LIBCMT ref: 00A9D130
                                                                                                                                                                                                                          • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00A9D13A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CrackInternet_wcslen
                                                                                                                                                                                                                          • String ID: |
                                                                                                                                                                                                                          • API String ID: 596671847-2343686810
                                                                                                                                                                                                                          • Opcode ID: 77a8adcd616577dde29cb80913aca0ea5baa1a6de46e85c291c0d673e2141075
                                                                                                                                                                                                                          • Instruction ID: 74f3eeddcff6d44d9c2c23ceb0ffcfccf9d8ef88b60a8351c7a17b7079b25a7c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 77a8adcd616577dde29cb80913aca0ea5baa1a6de46e85c291c0d673e2141075
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA314F71D01219ABCF15EFA8DD85EEE7FB9FF04340F100129F815A6162EB31AA46DB60
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DestroyWindow.USER32(?,?,?,?), ref: 00AB3621
                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00AB365C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$DestroyMove
                                                                                                                                                                                                                          • String ID: static
                                                                                                                                                                                                                          • API String ID: 2139405536-2160076837
                                                                                                                                                                                                                          • Opcode ID: 2fc355a3c3cb33885d72cc0092af66d536c77aba89dc8b6855f553e912d3876a
                                                                                                                                                                                                                          • Instruction ID: 9539f21ada584e92257b46b4c803e79519bc85e6d1e409c22de03bac67ea83fc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2fc355a3c3cb33885d72cc0092af66d536c77aba89dc8b6855f553e912d3876a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81319E72110604AEDB24DF68DC90EFB73ADFF88720F009619F8A5D7291DA30AD81D760
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00AB461F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00AB4634
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          • Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_6_2_a20000_file.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID: '
                                                                                                                                                                                                                          • API String ID: 3850602802-1997036262
                                                                                                                                                                                                                          • Opcode ID: 1f9ed46d6e1c419fbf808a6b3050709dd2baf08894454206915a9c0d90583321
                                                                                                                                                                                                                          • Instruction ID: f0c22be16afcb71b0b56c1306a272ed9b82012d67577a132512073b4ea55c503
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f9ed46d6e1c419fbf808a6b3050709dd2baf08894454206915a9c0d90583321
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3311974A017199FDF14CFA9C990BEA7BB9FF49300F14416AE905AB352E770A941CF90
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00AB327C
                                                                                                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00AB3287
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
APIs
  • Part of subcall function 00A2600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00A2604C
  • Part of subcall function 00A2600E: GetStockObject.GDI32(00000011), ref: 00A26060
  • Part of subcall function 00A2600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00A2606A
• GetWindowRect.USER32(00000000,?), ref: 00AB377A
• GetSysColor.USER32(00000012), ref: 00AB3794
Strings
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00A9CD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00A9CDA6
Strings
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 00AB34AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00AB34BA
Strings
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
• CharUpperBuffW.USER32(?,?,?), ref: 00A86CB6
• _wcslen.LIBCMT ref: 00A86CC2
Strings
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00A83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A83CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00A81D4C
Strings
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                          • String ID: ComboBox$ListBox
                                                                                                                                                                                                                          • API String ID: 624084870-1403004172
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00A83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A83CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00A81C46
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00A83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A83CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00A81CC8
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
  • Part of subcall function 00A29CB3: _wcslen.LIBCMT ref: 00A29CBD
  • Part of subcall function 00A83CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00A83CCA
• SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00A81DD3
Strings
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
APIs
Strings
Similarity
• API ID: _wcslen
• String ID: 3, 3, 16, 1
• API String ID: 176396367-3042988571
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00A80B23
Strings
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
APIs
  • Part of subcall function 00A3F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00A40D71,?,?,?,00A2100A), ref: 00A3F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,00A2100A), ref: 00A40D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00A2100A), ref: 00A40D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00A40D7F
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: d70aab131cf5bddbad6efaaf00dceabda618e806dce2978399024cd55dbdd044
• Instruction ID: 87990bb527afd692ed3dde5cfe5fc2a6a08c257367883fe5fe4c07e0b6608c72
• Opcode Fuzzy Hash: d70aab131cf5bddbad6efaaf00dceabda618e806dce2978399024cd55dbdd044
• Instruction Fuzzy Hash: 4BE06D746003118FD370EFBCE904B927BE4BF04740F044A2DE582C6662EBB5E4499BA1
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00A9302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00A93044
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: 87855f65539a24e8bad411f61f71448677f8c9bd550fd75d8eedc8e7c9b48e63
• Instruction ID: 354a7d9566a6b84cc778fd1d11736cbdf7ecfc874b9a85fad370bd2a3a2ad649
• Opcode Fuzzy Hash: 87855f65539a24e8bad411f61f71448677f8c9bd550fd75d8eedc8e7c9b48e63
• Instruction Fuzzy Hash: 6DD05B7150031477DA20E7D59C0DFC73A6CD704760F0006617755D20A1DAB09545CBD0
APIs
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: 712e945d92be4b267bb3aab978324cbc71cad53216465e85d9296cccdb62b19a
• Instruction ID: 04a41656ffa893dc1350f1615e13d0e08ae419613b0e775b7d20c5a82cfed980
• Opcode Fuzzy Hash: 712e945d92be4b267bb3aab978324cbc71cad53216465e85d9296cccdb62b19a
• Instruction Fuzzy Hash: E0D012B1C08109FACB90A6D0DC458FEB37CBF08301F50C452F90AA1042D624C50A67A1
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AB232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00AB233F
  • Part of subcall function 00A8E97B: Sleep.KERNEL32 ref: 00A8E9F3
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 1a7866ac377eabb47831284c669faa4c6be4a4cc742052198cfd8ef6b6d5fba4
• Instruction ID: 50ecf3a4644126ff76b6954779cbf93ac2c1fc352ec3aed19c0199de1fc8d03c
• Opcode Fuzzy Hash: 1a7866ac377eabb47831284c669faa4c6be4a4cc742052198cfd8ef6b6d5fba4
• Instruction Fuzzy Hash: 00D0C9363D4350B6E664F7B19C1FFD6BA14AB14B20F004A16B685AA1E1D9E4A8428A54
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00AB236C
• PostMessageW.USER32(00000000), ref: 00AB2373
  • Part of subcall function 00A8E97B: Sleep.KERNEL32 ref: 00A8E9F3
Strings
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 71481cf8158eb5c0e64fc73ef08ee961829ca830a54b2cb85e2fd7d6eb6ee7a0
• Instruction ID: bf326b8b706972991ad37171aae0ba55f0c1ea53c8328309142d697580f9b743
• Opcode Fuzzy Hash: 71481cf8158eb5c0e64fc73ef08ee961829ca830a54b2cb85e2fd7d6eb6ee7a0
• Instruction Fuzzy Hash: 06D0C9323C1350BAE664F7B19C0FFD6B614AB14B20F004A16B685AA1E1D9E4A8428A54
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00A5BE93
• GetLastError.KERNEL32 ref: 00A5BEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00A5BEFC
Memory Dump Source
• Source File: 00000006.00000002.1344271922.0000000000A21000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A20000, based on PE: true
• Associated: 00000006.00000002.1344251316.0000000000A20000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000ABC000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344333833.0000000000AE2000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344388011.0000000000AEC000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.1344406686.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_a20000_file.jbxd
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0

Execution Graph

Execution Coverage: 0.4%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 100%
Total number of Nodes: 6
Total number of Limit Nodes: 0

execution_graph (nodes listed as node id, address, API called; edges as caller->callee)
• Node 5009 @ 13d84099bf2
• Node 5010 @ 13d84099c49: NtQuerySystemInformation
• Node 5011 @ 13d84097fc4
• Edges: 5009->5010, 5009->5011, 5010->5011
• Node 5006 @ 13d84072377
• Node 5007 @ 13d84072387: NtQuerySystemInformation
• Node 5008 @ 13d84072324
• Edges: 5006->5007, 5007->5008

Callgraph

APIs
Strings
Memory Dump Source
• Source File: 00000019.00000002.2541516337.0000013D84097000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000013D84097000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_25_2_13d84097000_firefox.jbxd
Similarity
• API ID: InformationQuerySystem
• String ID: #$#$#$4$>$>$>$A$z$z
• API String ID: 3562636166-3072146587